Common Vulnerabilities and Exposures (CVE)

Definition - What does Common Vulnerabilities and Exposures (CVE) mean?

Common Vulnerabilities and Exposures (CVE) is a dictionary-type reference system or list for publicly known information-security threats. Every exposure or vulnerability included in the CVE list consists of one common, standardized CVE name.

CVE is maintained by the MITRE Corporation and sponsored by the National Cyber Security Division (NCSD) of the Department of Homeland Security. The CVE dictionary, a shared information security vulnerability data list, may be viewed by the public.

[WEBINAR] Plan for Success: Using Process Models to Achieve Business Goals

Techopedia explains Common Vulnerabilities and Exposures (CVE)

In information security, a vulnerability is a software coding error that is used by hackers to enter an information system and perform unauthorized activities while posing as an authorized user.

An exposure is a software error that allows hackers to break into a system. During an exposure, attackers may gain information or hide unauthorized actions.

Items in the CVE list get names based on the year of their formal inclusion and the order in which they were included in the list that year. The CVE helps computer security tool vendors identify vulnerabilities and exposures. Before CVE, tools had proprietary vulnerability databases, and no common dictionary existed. The key objective of CVE is to help share data across different vulnerable databases and security tools.