If I find a vulnerability while using a proprietary software package can I request a CVE identifier. Or rather vulnerabilities in proprietary software packages are a matter of me reporting issue to vendor and vendor looking into it?
Asked
Active
Viewed 162 times
1 Answers
1
Yes, they are also assigned to proprietary software. An example would be Oracle Database, which has a variety of CVEs assigned to it.
To request an ID, check the CNA coverage table. If the vendor is listed, request from them. Otherwise, request directly from MITRE.
The process of the vendor may or may not include requesting CVEs themselves, so when contacting them let them know that you already requested one or are planning to do so.
tim
- 29,018
- 7
- 95
- 119