Public CNA Registry
This project is run by an anonymous group of security researchers and depends on community involvement/agreement in order to function as intended.
The goal of this project is to allow well-known security researchers and company security teams to assign CVE-style identifiers to security vulnerabilities with minimal over head.
The process for this is simple:
-
Each researcher/team is assigned a block of 1000 IDs, which is constant from year to year. For example, a researcher or team may be granted CVE-YEAR-34000 to CVE-YEAR-34999. When coordinating or disclosing a vulnerability, they can assign their own ID to the issue(s) rather than contact a central body for assignment.
-
Researchers or teams that wish to register must submit a pull request with the following information: the researcher/team name, a valid contact email address, and a URL for where security advisories with the self-assigned CVEs will be published (e.g. a link to a blog, mail list archive, etc.).
-
In the event of a duplicate assignment, a preference will be given to the ID publicly assigned and published first, except in the case where MITRE assigns an ID for an issue then the MITRE assignment will have preference.
-
If the researcher has any questions or concerns they can contact us for help at [email protected]