As the CVE Program continues to move through the soft 
 period for CVE Services/CVE JSON 5.0, we have continued to make upgrades to 
help you advance your adoption of both. As a reminder, soft deployment means 
CNAs are actively using the services and any issues found by the community are 
being prioritized and addressed by the CVE Automation Working Group 
 once reported. The hard 
 phase will begin once the soft deployment phase is completed.
The following improvements are now available for CNAs:
Enhanced test environment for incorporating CVE Services into your 
infrastructure and/or developing a CVE Services client now available
The test environment consists of the following:

  *   CVE Services test instance -
  *   CVE website test instance (new) -<>
CNAs can use the test environment to ensure that they have correctly integrated 
CVE Services into their established vulnerability management infrastructures. 
Specifically, the CVE Services test instance<> 
allows you to test your integration of the CVE ID Reservation (IDR) 
and CVE Record Submission and Upload Service 
while the new CVE website test instance<> allows you to 
verify that test CVE Records will be published correctly in CVE JSON 
5.0<> format 
(simply use the CVE ID Lookup on the website test instance's homepage to look 
up and view a test record). CVE Services test instance docs are available 
A CNA developing its own CVE Services client can also use the test environment 
to test that its client is working properly, in the same manner.
By leveraging the test environment, CNAs can be confident that their 
incorporation of CVE Services into their infrastructure and processes, or 
development of their own CVE Services client, will work correctly once deployed 
in the CVE Services production environment.
Test Instance Credentials Required - If you are a CNA and wish to use the CVE 
Services test instance, you will need credentials that are separate from your 
production environment CVE Services credentials. Credentials are not required 
to view the CVE website test instance. Learn how to request test instance 
CVE Program Website and CVE Services upgraded to address Prioritized Issues
Two updates were released in December 2022, one for the CVE website and the 
other for CVE Services. One issue on the CVE Services - Prioritized Issue 
List<> was 
resolved, and we continue to work diligently on all the issue on the list. View 
the resolved issue 
December 7 - A bug on the CVE website that incorrectly rendered the "affected 
version" recorded in CVE JSON 5.0 CVE Records was fixed. With this correction, 
you can now view CVE JSON 5.0 records on the new website with 
confidence that the correct affected version is being rendered.
December 19 - CVE Services version 2.1.1 was released to fix, among other 
issues<>, a 
bug that was identified by the CNA community where valid CVE Records submitted 
for publication were incorrectly being flagged with JSON schema validation 
errors. Thanks to those early adopters of CVE Services that continue to 
identify areas we need to address as we move CVE Services closer to our Hard 
Deploy milestone scheduled for Q1 calendar year 2023.
"Current Status" dashboard for CVE Services/CVE JSON 5.0 transition added to 
CVE Program Automation Transition Website
We realize that the CVE Services/CVE JSON 5.0 transition is a long and often 
complicated process and that there is a lot of information that must be 
conveyed, digested, and acted upon. To help CNAs stay aware of the most current 
information and transition status, a new "Current Status" 
has been added to the CVE Automation Transition Details 
page<> on the 
automation transition website to keep you up to date.
View the current status 

Questions? Please use the CVE Request Web Forms<> and 
select "Other" from the dropdown.

CVE Program Secretariat<>

[A picture containing text, clipart  Description automatically generated]

Reply via email to