FOR IMMEDIATE RELEASE
April 16, 2025
CVE Foundation Launched to Secure the Future of the CVE Program
[Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a
That’s long since been the case, e.g. the Linux Kernel assigns its own CVE numbers, they’re a CNA. Which keeps the “root” CVS database completely out of the loop short of saying “this here is your namespace and scope”. Canonical is a CNA, Airbus is a CNA, both covering their own products. 453 in total.
Still important to have a fallback though because not all projects are big enough to do that kind of stuff, and you always want there to be some database you can report something against.
That’s long since been the case, e.g. the Linux Kernel assigns its own CVE numbers, they’re a CNA. Which keeps the “root” CVS database completely out of the loop short of saying “this here is your namespace and scope”. Canonical is a CNA, Airbus is a CNA, both covering their own products. 453 in total.
Still important to have a fallback though because not all projects are big enough to do that kind of stuff, and you always want there to be some database you can report something against.