Have an incident ? Report Here
CVE was launched in 1999 when most cybersecurity tools used their own databases with their own names for security vulnerabilities. At that time there was significant variation among products and no easy way to determine when the different databases were referring to the same problem. The consequences were potential gaps in security coverage and no effective interoperability among the disparate databases and tools. In addition, each tool vendor used different metrics to state the number of vulnerabilities or exposures they detected, which meant there was no standardized basis for evaluation among the tools.
CVE’s common, standardized identifiers provided the solution to these problems.
CVE is now the industry standard for vulnerability and exposure identifiers. CVE Entries — also called “CVEs,” “CVE IDs,” and “CVE numbers” by the community — provide reference points for data exchange so that cybersecurity products and services can speak with each other. CVE Entries also provides a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs. In short, products and services compatible with CVE provide better coverage, easier interoperability, and enhanced security.