CVE Blog

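The purpose of this blog is to establish a dialogue and to get input on issues and topics important to CVE. Right-click and copy a URL to share a post, or comment on a post by using our LinkedIn page or the CVE Request Web Form by selecting “Other” from the dropdown.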


CVE Program Report Q1-2020


The CVE Program’s quarterly calendar year (CY) summary of program milestones and metrics for CY Q1-2020 is below.

CY Q1-2020 Milestones

7 CVE Numbering Authorities (CNAs) Added
Seven new CNAs were added: Alias Robotics (Spain), Ampere Computing (USA), Cybellum (Israel), GitHub (Products Only) (USA), Google LLC (USA), Spanish National Cybersecurity Institute (Spain), and Tcpdump Group (Canada).

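CNA Rules Version 3.0 Released
Version 3.0 of the CNA Rules took effect on March 5 and was revised with significant input from the CNA community. Version 3.0 is a major update to the CNA Rules. Important updates include refining the roles of Sub-CNA, Root CNA, and Program Root CNA, while adding two new roles: Secretariat and CNA of Last Resort (CNA-LR). Assignment, communications, and administration rules are specified for each role. In addition, separate sections specify the CVE ID assignment rules, which include the CVE Program's definition of a vulnerability; CVE Entry requirements; the appeals process; defining a CNA's scope; and a CNA Rules update section, which contains the rules for updating the CNA Rules document.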

CVE Program Channel on YouTube
The CVE Program Channel on YouTube was launched in March with two playlists, “CVE Basics” with introductory videos for all audiences and “CNA Onboarding Guide” with several videos of detailed processes and procedures guidance for organizations that have signed on to participate as official CNAs.

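CVE Team at RSA Conference 2020
The CVE Team continued to engage with the community on topics relevant to cybersecurity and CVE by attending RSA Conference 2020 on February 24-28, in San Francisco, California, USA. CVE Team members also actively engaged throughout the conference with interested organizations about the benefits of joining the CNA program.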

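CVE Team at PSIRT Technical Colloquium 2020
The CVE Team continued to engage with the community on topics relevant to cybersecurity and CVE by participating in PSIRT Technical Colloquium 2020 on March 4-5, in Durham, North Carolina, USA. CVE Team members also actively engaged throughout the conference with interested organizations about the benefits of joining the CNA program.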

New CVE Logo Chosen by the Community
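The CVE Program held a logo contest for the community to select a new CVE logo for the CVE Program. The contest began in January with 38 designers providing 260 initial design concepts, from which the CVE Outreach and Communications Working Group (OCWG) selected 8 finalists for the community to vote on. The community voting portion of the contest lasted two weeks, and the winning logo was announced to the community on March 6 (see the logo here). It will be rolled out on the website, social media accounts, and other communications materials over the coming months.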

CY Q1-2020 Metrics

Metrics for CY Q1-2020 populated CVE Entries, reserved CVE Entries, and requests for CVE IDs from the CVE Program Root CNA (currently MITRE), are included below. Annual metrics are also included in the charts for year-to-year comparisons.

Terminology

  • Populated – A populated CVE Entry includes the CVE ID, a brief description, at least one public reference, and is available to the general public on the CVE List.
  • Reserved – CNAs reserve a CVE ID for a given vulnerability prior to assigning and populating it as a CVE Entry on the CVE List.

Populated CVE Entries

As shown in the table below, CVE Program production was 4,808 CVE Entries for CY Q1-2020, a 15% production increase compared to this same time last year (3,245 CVE Entries for CY Q1-2019). This includes all CVE Entries populated by all CNAs.


Populated CVE Entries - All CNAs Year-to-Date CY Q1-2020


Comparison of Populated CVE Entries by Year for All Quarters - CY Q1-2020 (figure 1)


Reserved CVE Entries

The CVE Program tracks reserved CVE Entries. As shown in the table below, the number of CVE IDs in the reserved state was 6,723 for Q1-2020. The chart below (figure 2) shows the number of CVE IDs added to the CVE List for each year. Unlike the table, the CVE IDs in the chart can be either in the reserved or populated state.


Reserved CVE Entries - All CNAs Year-to-Date CY Q1-2020


Comparison of Reserved CVE Entries by Year for All Quarters - All CNAs Year-to-Date CY Q1-2020 (figure 2)


Requests for CVE IDs from the Program Root CNA

Finally, the CVE Program Root CNA receives requests for CVE IDs from the community for vulnerabilities and open source software product vulnerabilities that are not already covered by another CNA. The chart below shows the number of unique requesters that received one or more CVE IDs from the Program Root CNA as of CY Q1-2020, as well as by year.


Requesters that Received a CVE ID from Program Root CNA for CY Q1-2020 and All Years (figure 3)


All CVE Entries Are Assigned by CNAs

All CVE Entries cited in the metrics above are assigned by CNAs. CNAs are software vendors, open source projects, coordination centers, bug bounty service providers, and research groups authorized by the CVE Program to assign CVE Entries to vulnerabilities within their own specific scopes of coverage. CNAs join the program from a variety of business sectors; there are minimal requirements, and there is no monetary fee or contract to sign.

Currently, 120 organizations from 21 countries are actively participating in the CVE Program as CNAs. Learn how to become a CNA.

Comments or Questions?

If you have any questions about this article, please use the CVE Request Web Form and select “Other” from the dropdown menu.

We look forward to hearing from you, but more importantly, we look forward to your participation in the CVE Program!

- The CVE Team
April 30, 2020

Page Last Updated or Reviewed: August 24, 2020