The CVE Program is in the final stages of planning its next steps in its 
automation update strategy. In Transition Bulletins 
#2<> and 
#3<> posted 
on the CVE Automation Transition 
Details<> website we laid out 
a broad transition strategy that would culminate in a new automated approach 
for CNAs to submit CVE Records.
Soft Deployment Schedule
"Soft Deployment" of CVE Services 
JSON 5.0<> 
will begin the first week of October 2022, and will be implemented in two 
phases over the course of the month:

  *   Phase I - This phase will begin the first week of October (10/3/22 - 
10/9/22) with an update of the CVE Services 2.1 - CVE IDR Reservation (IDR) 
Service<>. At the completion of the 
Phase I on October 10, CNAs using CVE Services for CVE ID Reservation will be 
using CVE Services 2.1.
  *   Phase II - The CVE IDR System update that was completed in Phase I will 
lay the groundwork for Phase II (i.e., the soft deployment of CVE Services 2.1 
- Record Submission and Upload Service 
(RSUS)<>, which will take place the 
last full week of October (10/24/22 - 10/28/22). At the completion of Phase II 
on October 31, CNAs will have the ability to submit CVE JSON 5.0 records using 
the new CVE Services 2.1 RSUS interfaces to the live CVE List.
How CNAs Should Prepare
Preparing for Phase I (Week 1 October)
Current users of the CVE Services 1.1.1 - IDR Service will need to migrate to a 
client that has been upgraded to be compatible with CVE Services 2.1 - IDR 

There are currently three clients that have been developed for community 
adoption that are expected to be ready for the first week of October that you 
can adopt:
Client Name

  *   A client with a robust GUI
  *   Can be installed locally or it can be used from the internet through a 
web browser

  *   A client with a simple GUI
  *   Can be installed locally or run from the internet through a web browser

  *   A command line client
  *   Can downloaded and incorporated into existing tooling structure
If your organization has created a unique automation framework that interfaces 
with CVE Services, contact your framework administrator to determine their 
plans for migrating to CVE Services 2.1
If there is concern that the client you are using will not be upgraded by 
October 3, following are some options that may work for you:

  *   Prior to October 3, reserve a "block" of IDs to carry you through the 
month while your clients are upgraded.
  *   Temporarily adopt one of the publicly available clients that are being 
actively supported by community members.
As we get closer to the deployment date for Phase I, we will send out reminders 
and note the specific days that CVE Records processing will be suspended while 
we update the software and the repositories.
Preparing for Phase II (Week 4 October)
Phase II deployment will be an update to make the CVE Services 2.1 - RSUS 
endpoints available to the CVE Services clients for use by the CNA community.
If you wish to take advantage of these new endpoints, the client that you use 
will need to be designed to specifically do that. You may adopt one of the 
recommended clients listed above (which will upgraded to take advantage of the 
new endpoints). If you are operating in a unique organizational CVE framework, 
contact your framework administrators to gain insight into their plans for 
adoption of CVE JSON 5.0 and CVE Services 2.1
Note that all of the old CVE Record submission processes (using CVE JSON 4.0) 
see Bulletin 
#6<> will 
be maintained for a period of time after this deployment, so you need not adopt 
CVE JSON 5.0/CVE Services 2.1 immediately, however, you should begin thinking 
about how you are going to do that in the very near future.
Also, CNAs should also make preparations to participate in the virtual "CVE 
 for CNAs to learn how to use CVE Services 2.1/CVE JSON 5.0 scheduled for 
November 2, 2022, from 11:00 a.m. - 5:00 p.m. ET. Learn more 

If you have any question, please use the CVE Request Web 
Forms<> and select "Other" from the dropdown.

CVE Program Secretariat<>

[A picture containing text, clipart  Description automatically generated]

Reply via email to