Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Common Vulnerabilities and Exposures (CVE) is a dictionary-type reference system or list for publicly known information-security threats. Every exposure or vulnerability included in the CVE list consists of one common, standardized CVE name.
CVE is maintained by the MITRE Corporation and sponsored by the National Cyber Security Division (NCSD) of the Department of Homeland Security. The CVE dictionary, a shared information security vulnerability data list, may be viewed by the public.
In information security, a vulnerability is a software coding error that is used by hackers to enter an information system and perform unauthorized activities while posing as an authorized user.
An exposure is a software error that allows hackers to break into a system. During an exposure, attackers may gain information or hide unauthorized actions.
Items in the CVE list get names based on the year of their formal inclusion and the order in which they were included in the list that year. The CVE helps computer security tool vendors identify vulnerabilities and exposures. Before CVE, tools had proprietary vulnerability databases, and no common dictionary existed. The key objective of CVE is to help share data across different vulnerable databases and security tools.