Common Vulnerabilities and Exposures

by mrahier96

What is the purpose of the Common Vulnerabilities and Exposures (CVE) system from a security perspective?

Context and objective of the blog post

In the Intrusion and Application Security team (called IAS for the rest of the post), we have discovered and published vulnerabilities in commercial products almost every year since 2015. We do this through the Common Vulnerabilities and Exposures (CVE) system.

Over time, we have faced different kinds of issues, as well as misunderstandings, in the publishing process. Therefore, we decided to create a blog post, in the form of a FAQ, to:

  1. Provide a better understanding of the CVE system.
  2. Play MythBusters with some CVE-related myths.
  3. Be transparent and precise about the way we handle a vulnerability that we identify in software (web, mobile, desktop…).

💡 The content of this post is based on our experience and on the responsible disclosure process that we follow, with the previous help of the Excellium Services’ CSIRT.

🌎 This process is public.