DWF Documentation, Policy and Guides
Latest commit 45f04ad Jan 17, 2017 @kurtseifried kurtseifried committed on GitHub Updated minimal example


Distributed Weakness Filing (DWF) Project

The Distributed Weakness Filing (DWF) Project is the first federated CVE Number Authority (CNA). The DWF will initially deal with assigning CVEs for Open Source software (as defined by OSI approved Open Source licenses https://opensource.org/licenses and similar licenses). The DWF will assign CVEs for valid security vulnerabilities using the same or very similar processes as Mitre and other CVE Numbering Authorities currently use.

Getting a CVE Identifier from the DWF for your security vulnerability(s)

We are currently deciding on process for this, in the mean time you can submit an issue via the form at https://iwantacve.org/

Becoming a CVE Mentor

The first step is to contact us, email is good (see our contact info), or file an issue. To get involved with the DWF as a CVE Mentor you MUST accept the Contributor Covenant.

Becoming an Open Source CNA (CVE Numbering Authority)

To become an Open Source CNA you must meet the following requirements:

1) Fill out a CNA application form (form to be created)

2) Agree to the CNA Rules at https://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf

3) Find at least one or more CVE Mentors willing to work with you, they can be internal to your organization/project or an external person.

Assigning a CVE for the DWF

If you are assigning CVEs on behalf of the DWF please consult the CVE Assignment HOWTO.