ITU-T X.1520 PDF

This Recommendation on the use of the common vulnerabilities and exposures provides a "structured means" for the global exchange of publicly known, mature vulnerabilities and exposures information that are detected by security tools or otherwise become public. This "structured means" is often referred to as "CVE compatibility" and defines the correct use of CVE. An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. An information security exposure is a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network. The assignment of CVE identifiers is not within the scope of this Recommendation.

Recommendation ITU-T X.1520 has been developed on a collaborative basis with the MITRE Corporation, bearing in mind the importance of maintaining, to the extent possible, technical compatibility between Recommendation ITU-T X.1520 and the "Requirements and Recommendations for CVE Compatibility", 30 June 2013, available at https://cve.mitre.org/compatible/Requirements_for_CVE_Compatibility_V1.3.pdf.