
CVE request form is missing an important bit


The current form for requesting a CVE ID [1] only has one box that could be used for this, "Additional information", but does not prompt the question at all. The significant thing missing is that when requesting an ID, you should be asked what year the ID is for.

e.g. I requested an ID for my day job yesterday and it even slipped my mind that it technically should have been a 2016 ID since the issue was discovered in December. As the form does not include anything to ask such a question, it didn't occur to me either.

I believe the form needs to add a box or drop-down and request this information, likely with a one-liner about how the year-based assignments work (i.e. year it was discovered and/or disclosed to vendor, not publicly), to better track vulnerabilities by year.


[1] https://cveform.mitre.org/

Page Last Updated or Reviewed: January 05, 2017