Colleagues, As the CVE Program continues to move through the soft deployment<https://cveproject.github.io/automation-cve-services-faqs#what-is-meant-by-cve-services-21-soft-deploy> period for CVE Services/CVE JSON 5.0, we have continued to make upgrades to help you advance your adoption of both. As a reminder, soft deployment means CNAs are actively using the services and any issues found by the community are being prioritized and addressed by the CVE Automation Working Group (AWG)<http://www.cve.org/ProgramOrganization/WorkingGroups#AutomationWorkingGroupAWG> once reported. The hard deployment<https://cveproject.github.io/automation-cve-services-faqs#what-is-meant-by-cve-services-21-hard-deploy> phase will begin once the soft deployment phase is completed. The following improvements are now available for CNAs: Enhanced test environment for incorporating CVE Services into your infrastructure and/or developing a CVE Services client now available The test environment consists of the following:
* CVE Services test instance - https://cveawg-test.mitre.org/api * CVE website test instance (new) - https://test.cve.org<https://test.cve.org/> CNAs can use the test environment to ensure that they have correctly integrated CVE Services into their established vulnerability management infrastructures. Specifically, the CVE Services test instance<https://cveawg-test.mitre.org/api> allows you to test your integration of the CVE ID Reservation (IDR) service<https://cveproject.github.io/automation-cve-services#services-overview> and CVE Record Submission and Upload Service (RSUS)<https://cveproject.github.io/automation-cve-services#services-overview>, while the new CVE website test instance<https://test.cve.org/> allows you to verify that test CVE Records will be published correctly in CVE JSON 5.0<https://cveproject.github.io/automation-cve-services#json-overview> format (simply use the CVE ID Lookup on the website test instance's homepage to look up and view a test record). CVE Services test instance docs are available here<https://cveawg-test.mitre.org/api-docs/>. A CNA developing its own CVE Services client can also use the test environment to test that its client is working properly, in the same manner. By leveraging the test environment, CNAs can be confident that their incorporation of CVE Services into their infrastructure and processes, or development of their own CVE Services client, will work correctly once deployed in the CVE Services production environment. Test Instance Credentials Required - If you are a CNA and wish to use the CVE Services test instance, you will need credentials that are separate from your production environment CVE Services credentials. Credentials are not required to view the CVE website test instance. Learn how to request test instance credentials here<https://cveproject.github.io/automation-cve-services-getting-started#obtaining-credentials-for-the-cve-services-test-instance>. CVE Program Website and CVE Services upgraded to address Prioritized Issues Two updates were released in December 2022, one for the CVE website and the other for CVE Services. One issue on the CVE Services - Prioritized Issue List<https://cveproject.github.io/automation-cve-services-known-issues> was resolved, and we continue to work diligently on all the issue on the list. View the resolved issue here<https://cveproject.github.io/automation-cve-services-known-issues#resolved-issues>. December 7 - A bug on the CVE website that incorrectly rendered the "affected version" recorded in CVE JSON 5.0 CVE Records was fixed. With this correction, you can now view CVE JSON 5.0 records on the new cve.org website with confidence that the correct affected version is being rendered. December 19 - CVE Services version 2.1.1 was released to fix, among other issues<https://github.com/CVEProject/cve-services/releases/tag/v2.1.1-sd>, a bug that was identified by the CNA community where valid CVE Records submitted for publication were incorrectly being flagged with JSON schema validation errors. Thanks to those early adopters of CVE Services that continue to identify areas we need to address as we move CVE Services closer to our Hard Deploy milestone scheduled for Q1 calendar year 2023. "Current Status" dashboard for CVE Services/CVE JSON 5.0 transition added to CVE Program Automation Transition Website We realize that the CVE Services/CVE JSON 5.0 transition is a long and often complicated process and that there is a lot of information that must be conveyed, digested, and acted upon. To help CNAs stay aware of the most current information and transition status, a new "Current Status" dashboard<https://cveproject.github.io/automation-transition#current-status> has been added to the CVE Automation Transition Details page<https://cveproject.github.io/automation-transition#current-status> on the automation transition website to keep you up to date. View the current status here<https://cveproject.github.io/automation-transition#current-status>. Questions? Please use the CVE Request Web Forms<https://cveform.mitre.org/> and select "Other" from the dropdown. Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]
