Skip to content

Commit 9da5c74

Browse files
rrobergerroberge
committed
#3232 Process page updates
1 parent 09abb23 commit 9da5c74

File tree

1 file changed

+52
-25
lines changed

1 file changed

+52
-25
lines changed

src/views/About/Process.vue

Lines changed: 52 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,14 @@
66
<div class="content">
77
<h1 class="title">Process</h1>
88
<p>
9-
There is one <router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Record</router-link> for each vulnerability on
10-
the <router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryCVEList'>CVE List</router-link>. Vulnerabilities are first
11-
discovered, then reported to the CVE Program. The reporter requests a
9+
There is one
10+
<router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Record</router-link>
11+
for each vulnerability on the
12+
<router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryCVEList'>CVE List</router-link>.
13+
Vulnerabilities are first discovered, then reported to the CVE Program. The reporter requests a
1214
<router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE ID</router-link>,
13-
which is then reserved for the reported vulnerability. Once the reported vulnerability is
14-
confirmed by the identification of the minimum required data elements for a CVE Record, the record is published to the CVE List.
15+
which is then reserved for the reported vulnerability. Once the reported vulnerability is confirmed by the
16+
identification of the minimum required data elements for a CVE Record, the record is published to the CVE List.
1517
CVE Records are published by CVE Program partners from around the world. This process is described below.
1618
</p>
1719
<h2 :id="cvenavs['About']['submenu']['Process']['items']['CVE Record Lifecycle']['anchorId']" class="title">
@@ -38,16 +40,17 @@
3840
<div class="timeline-marker is-3">2</div>
3941
<div class="timeline-content">
4042
<h3 class="title">Report</h3>
41-
<p>Discoverer reports a vulnerability to a
42-
<router-link to='/PartnerInformation/ListofPartners'>CVE Program participant</router-link>.
43+
<p>
44+
Discoverer reports a vulnerability to a
45+
<router-link to='/PartnerInformation/ListofPartners'>CVE Program partner</router-link>.
4346
</p>
4447
</div>
4548
</div>
4649
<div class="timeline-item">
4750
<div class="timeline-marker">3</div>
4851
<div class="timeline-content">
4952
<h3 class="title">Request</h3>
50-
<p>CVE Program participant requests a CVE Identifier (CVE ID).</p>
53+
<p>CVE Program partner assigns a CVE Identifier (CVE ID).</p>
5154
<section class="cve-accordion">
5255
<div class="message">
5356
<div class="message-header">
@@ -77,16 +80,28 @@
7780
portion is not used to indicate when the vulnerability was discovered.
7881
</p>
7982
<p>
80-
The “Arbitrary Digits,” or sequence number portion, can include four or more digits in the sequence number portion of the
81-
ID. For example, <span class="has-text-weight-bold">CVE-YYYY-NNNN</span> with four digits in the sequence number,
83+
The “Arbitrary Digits,” or sequence number portion, can include four or more digits in the sequence number portion of
84+
the ID. For example, <span class="has-text-weight-bold">CVE-YYYY-NNNN</span> with four digits in the sequence number,
8285
<span class="has-text-weight-bold">CVE-YYYY-NNNNNNN</span> with seven digits in the sequence
8386
number, etc. There is no limit on the number of arbitrary digits.
8487
</p>
85-
<p>The CVE Program’s CNA Rules include additional helpful information about CVE IDs:</p>
8688
<p>
87-
<router-link to='/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules'>Assignment Rules</router-link>
88-
- how CVE IDs are assigned.
89+
The CVE Program’s
90+
<router-link to='/ResourcesSupport/AllResources/CNARules'>CNA Rules</router-link>
91+
include additional helpful information about CVE IDs:
8992
</p>
93+
<ul>
94+
<li>
95+
<router-link to='/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination'>
96+
Vulnerability Determination
97+
</router-link>
98+
</li>
99+
<li>
100+
<router-link to='/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment'>
101+
CVE ID Assignment
102+
</router-link>
103+
</li>
104+
</ul>
90105
</div>
91106
</div>
92107
</div>
@@ -99,16 +114,16 @@
99114
<h3 class="title">Reserve</h3>
100115
<p>The ID is reserved, which is the initial state of a CVE Record.</p>
101116
<p>
102-
The Reserved state means that CVE stakeholder(s) are using the CVE ID for early-stage vulnerability coordination and management,
103-
but the CNA is not yet ready to publicly disclose the vulnerability.
117+
The Reserved state means that CVE stakeholder(s) are using the CVE ID for early-stage vulnerability coordination and
118+
management, but the CNA is not yet ready to publicly disclose the vulnerability.
104119
</p>
105120
</div>
106121
</div>
107122
<div class="timeline-item">
108123
<div class="timeline-marker">5</div>
109124
<div class="timeline-content">
110125
<h3 class="title">Submit</h3>
111-
<p>CVE Program participant submits the details.</p>
126+
<p>CVE Program partner submits the details.</p>
112127
<p>
113128
Details include but are not limited to affected product(s); affected or fixed product versions; vulnerability type, root
114129
cause, or impact; and at least one public reference.
@@ -143,17 +158,23 @@
143158
<div class="message-body" :class="{'is-hidden': accordion['cve-record']}" id="cve-record">
144159
<div class="block">
145160
<p>
146-
A CVE Record is the descriptive data about a vulnerability associated with a CVE ID, provided by a CVE Numbering
147-
Authority (<router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CNA</router-link>). This data is provided
148-
in multiple human and machine-readable formats.
161+
A CVE Record is the descriptive data about a vulnerability associated with a CVE ID, provided by a
162+
<router-link to='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>
163+
CVE Numbering Authority (CNA)
164+
</router-link>
165+
partner. This data is provided in a human and machine-readable
166+
<router-link to='/AllResources/CveServices#CveRecordFormat'>
167+
format
168+
</router-link>.
149169
</p>
150-
<p>Each CVE Record includes the following:</p>
170+
<p>Each CVE Record includes, at a minimum, the following:</p>
151171
<ol>
152172
<li>
153173
CVE ID with four or more digits in the sequence number portion of the ID (i.e., “CVE-1999-0067”, “CVE-2019-12345”,
154174
“CVE-2021-7654321”).
155175
</li>
156176
<li>Brief description of the security vulnerability.</li>
177+
<li>Affected products and versions.</li>
157178
<li>Any pertinent references (i.e., vulnerability reports and advisories).</li>
158179
</ol>
159180
<p>A CVE Record is associated with one of the following states:</p>
@@ -172,15 +193,21 @@
172193
so that users know that the CVE ID and CVE Record are invalid.
173194
</li>
174195
</ul>
175-
<p>The CVE Program’s CNA Rules include additional helpful information about CVE Records: </p>
196+
<p>
197+
The CVE Program’s
198+
<router-link to='/ResourcesSupport/AllResources/CNARules'>CNA Rules</router-link>
199+
include additional helpful information about CVE Records:
200+
</p>
176201
<ul>
177202
<li>
178-
<router-link to='/ResourcesSupport/AllResources/CNARules#section_8-1_cve_record_information_requirements'>CVE Record
179-
Information Requirements</router-link> – the full requirements for a CVE Record.
203+
<router-link to='/ResourcesSupport/AllResources/CNARules#section_5_CVE_Record_Content'>
204+
CVE Record Content
205+
</router-link>
180206
</li>
181207
<li>
182-
<router-link to='/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules'>Assignment Rules</router-link>
183-
– the data elements required within a CVE Record.
208+
<router-link to='/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment'>
209+
CVE ID Assignment
210+
</router-link>
184211
</li>
185212
</ul>
186213
</div>

0 commit comments

Comments
 (0)