CVE Compatibility Process
The CVE Compatibility Process is a formal review and evaluation process for organizations wishing to declare their information security products and services as CVE-Compatible and have them formally evaluated.
Products and services recognized as Officially CVE-Compatible, as well as those working towards compatibility, will be posted in the "CVE-Compatible Products and Services" section of the CVE Web site and included on handouts at information security and related tradeshows and events at which MITRE exhibits CVE/Making Security Measurable (see the CVE Calendar of Events).
Phase 1 The Declaration Phase:
- Review the "Requirements
and Recommendations for CVE Compatibility" document.
- Review the existing declarations listed on the CVE-Compatible
Products and Services section.
- Send an email to firstname.lastname@example.org
requesting the "CVE Compatibility Declaration Form."
- MITRE sends you the declaration form.
- Complete and return the form to email@example.com.
- Your declaration is posted in the Compatibility section on the CVE Web site.
- If CVE Output, CVE Searchability, and CVE Documentation responses are all "yes," proceed to phase 2. If not, wait and then notify MITRE when these are completed.
Phase 2 The Evaluation Phase:
- Upon completion of phase 1, send an email to firstname.lastname@example.org requesting the "CVE Compatibility Requirements Evaluation Form" questionnaire.
- Complete and return the questionnaire, along with copies of any supporting documentation, to email@example.com.
- The completed questionnaire is reviewed and posted, and the organization is listed as "Officially CVE-Compatible" on the CVE Web site. The organization also receives authorization to use the CVE-Compatible Product/Service logo for the specified product(s) or service(s).
To begin the registration process, review the official CVE Compatibility Process detailed above then send an email to firstname.lastname@example.org requesting the Declaration Form along with your company name and contact information, the type of product, and the name of the product or service.
You will receive specific instructions for completing and submitting additional information as the process continues.