CVE System Sees Huge Backlog, Researchers Propose Alternative

The MITRE Corporation, a non-profit US organization that manages the Common Vulnerabilities and Exposures (CVE) database is seeing "an unprecedented demand for vulnerability IDs," and is looking into solutions for speeding up the CVE number assignment process.

The CVE system is the central point around which most of the information security community is revolving around. Whenever a security researcher finds a security vulnerability, he sends MITRE a request for a CVE identifier.

This CVE ID is more than just a number added to a database. In the infosec world, it's also a sign that the researcher did a good job, and that he discovered, and sometimes helped patch, a dangerous software flaw. It wouldn't be far-fetched to consider CVE numbers as "brag tags," with many security researchers keeping score and comparing themselves to other researchers.