In response to criticism from the CVE Editorial Board, the MITRE Corporation has decided to put a recently announced pilot program meant to address the need for rapid CVE assignments on hold.
After many researchers complained that they could not obtain Common Vulnerabilities and Exposures (CVE) identifiers for their flaws in a timely manner, MITRE announced that it would launch a pilot program on Monday, March 21, in an attempt to address the issue.
As part of this program, MITRE said it would start assigning federated CVE identifiers using a new format in order to clearly differentiate rapid-assignment IDs from traditional CVEs.
However, members of the CVE Editorial Board, including Red Hat’s Kurt Seifried and Intel Security’s Kent Landfield, pointed out that the new system would have a negative impact on existing CVE tools.
Earlier this month, Seifried proposed a new system, dubbed “Distributed Weakness Filing” (DWF), that would rely on the community to quickly assign CVE identifiers.
Joe Sain, CVE communications and adoption lead at MITRE, said on Friday that the pilot program has been put on “indefinite hold” as a result of the concerns raised with the proposed syntax.
“The pilot was designed to run in parallel and to be completely separate from the production CVE stream, but we certainly understand the importance of not perturbing any operating aspect of CVE,” explained Sain. “Our goal is to be responsive to the critical need for the no-description use case, but we must also ensure that we have the correct operating model.”
“We truly appreciate your feedback, and we are looking forward to developing an operating model that enables CVE to move forward and that preserves the foundational work that the community has put into the effort,” he added.
Sain said MITRE plans on holding an Editorial Board meeting this week to discuss this issue and other concerns members of the board may have.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
