Common Vulnerabilities and Exposures (CVE) Requirements
- CVE.R1 The product's documentation (printed or electronic) must state that it uses CVE and explain relevant details to the users of the product.
- The vendor shall provide instructions, and a test environment (if necessary), indicating how product output can be generated that contains a listing of all software flaws and patches both with and without CVE IDs. CVE IDs should be used wherever possible. Instructions shall include where the CVE IDs and the associated vendor-supplied and/or official CVE descriptions can be located within the product output.
- The vendor shall provide instructions on the where the CVE IDs can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output vulnerabilities with associated CVE IDs. Instructions shall include where the CVE IDs and the associated vendor-supplied and official CVE descriptions can be located within the product output. This documentation can be found here
{"serverDuration": 143, "requestCorrelationId": "52b4a901e3754f53a22edb6222f435a2"}