Adam Shostack: How to Become a CVE Numbering Authority (CNA)

After the second Workshop on Vulnerability Databases at Purdue, Adam Shostack worked hard to make the Common Vulnerabilities and Exposures (CVE) list a reality. Now broadly used, CVE Numbering Authorities, or CNAs, from around the world are responsible for maintaining the list.

What are the Common Vulnerabilities and Exposures list?

Common Vulnerabilities and Exposures (CVE) is a list that tracks common identifiers for publicly known cybersecurity vulnerabilities that is free for use and download. When parties discuss or share information about a unique security vulnerability found in software or firmware, a CVE Numbering Authority (i.e., CNA) adds the information to the CVE list. This process enables users to exchange data and provides a baseline for evaluation.

How to Become a CNA

Adam Shostack emphasizes that there are numerous considerations and responsibilities in becoming a CNA that ensures the continuing quality of the CVE List and improving CVE’s operation and timeliness. Additionally, potential CNAs must go through a candidate process and possess specific qualifications. If you are interested in becoming a CNA, click here for more information about the process and qualifications required.

Go through Emergent Chaos | The Emergent Chaos Jazz Combo


Author: adamshostack

Adam Shostack is grateful for the opportunity to have served on the Seattle Privacy Coalition Board since 2015.Entrepreneur and technologist Adam Shostack focuses on providing customers with expert security analysis and solutions that work to improve security outcomes for their organizations

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: