by normie3000
237 days ago
How do CVEs get issued? Where do I apply, who makes decisions, and what software is covered by them? I know these questions are technically answered out there on the internet. But I looked into it a couple of years ago after finding a horrible bug in a popular npm package and the answers weren't clear to me. Can a CVE be issued in retrospect?

For most (but certainly not all) projects, you fill out a simple form [0]. I've done it before and it's fairly easy.
> and what software is covered by them?
All software is covered by someone, usually by the vendor themselves or MITRE.
> Can a CVE be issued in retrospect?
Absolutely, but it's fairly uncommon.
[0]: https://cveform.mitre.org/