Mission and Vision

Our mission is to support and advance the common understanding of, and response to, cybersecurity vulnerabilities.

Through increased collaboration and shared vulnerability knowledge, we enable developers, operators, and users around the world to keep innovating and benefiting from the capabilities offered by technology in every area of our lives.

CVE is the Cornerstone of Risk-Based Cybersecurity Decision-Making

  • Convening and giving a voice to stakeholders from all aspects of vulnerability management, including developers, operators, defenders, and researchers.
  • Identifying, defining, classifying, and rating cybersecurity vulnerabilities to drive alignment and clarity in response.
  • Creating a common language for the investigation, reporting, education, and response to cybersecurity vulnerabilities.
  • Setting expectations and advocating practices for reduction and mitigation of cybersecurity vulnerabilities.
  • Providing a stable foundation to inform cybersecurity products, programs, decision-making, and measurement.

Reinvigorating the CVE Program

The CVE Foundation is committed to guiding the CVE Program through a critical evolution—from dependence on a single funding source to a robust, diversified funding model. This transition will enhance the Program’s resilience, independence, and global trustworthiness, ensuring it remains a durable, transparent, and collaborative resource that serves the public good. We believe the CVE Program must operate outside sole governmental control and thrive within a public, nonprofit framework that fosters international participation, sustainable funding, and open accountability.

To achieve this vision, the CVE Foundation will pursue the following strategic priorities.

  • (Re)Building Trust – Stakeholders need assurance that CVE is stable, reliable, and unbiased.
  • Establishing Clear Governance – Stakeholders will know what to expect and can hold the organization accountable for decision-making.
  • Investing in Infrastructure – Focusing development on critical improvements to APIs, tools, and infrastructure.
  • Increasing International Engagement – Vulnerabilities have impact around the world and must be coordinated accordingly.
  • Empowering the Community – Bringing new energy to community engagement, supported by infrastructure and innovation, and visibility.
  • Diversifying Funding – Making CVE less US-Government-centered and providing less opportunity for service disruption.

The CVE Foundation is dedicated to advancing the CVE Program as a stable, resilient, and universally trusted cornerstone of global vulnerability management—empowering consumers, organizations, and cybersecurity stakeholders to manage risk and enhance security with confidence.