Context and objective of the blog post
In the Intrusion and Application Security team (called IAS for the rest of the post), we have discovered and published vulnerabilities found in commercial products almost every year since 2015. This process is done through the Common Vulnerabilities and Exposures (CVE) system.
Over time, we have faced different kinds of issues as well as misunderstandings in the publishing process. Therefore, we decided to create a blog post, in the form of a FAQ, to:
- Provide a better understanding of the CVE system.
- Play MythBusters with some CVE-related myths.
- Be transparent and precise about the way we handle a vulnerability that we identify in software (web, mobile, desktop…).