Skip to content

nluedtke/DWF-Documentation

BranchesTags
 
 

Repository files navigation

Distributed Weakness Filing (DWF) Project

The Distributed Weakness Filing (DWF) Project is the first federated CVE Number Authority (CNA). The DWF will initially deal with assigning CVEs for Open Source software (as defined by OSI approved Open Source licenses https://opensource.org/licenses and similar licenses). The DWF will assign CVEs for valid security vulnerabilities using the same or very similar processes as Mitre and other CVE Numbering Authorities currently use.

Getting a CVE Identifier from the DWF for your security vulnerability(s)

We are currently deciding on process for this, in the mean time you can submit an issue via the form at https://iwantacve.org/

Getting involved with the DWF

The first step is to contact us, email is good (see our contact info), or file an issue. To get involved with the DWF you MUST accept the Contributor Covenant.

Assigning a CVE for the DWF

If you are assigning CVEs on behalf of the DWF please consult the CVE Assignment HOWTO.

Becoming an Open Source CVE Numbering Authority

We are currently deciding on process for this, in the mean time you can file an issue against the DWF DNA Registry, or email cve-assign@seifried.org so we don't lose track of your CNA request.

About

DWF Documentation, Policy and Guides

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published