Celebrating 25 Years of the CVE Program: Notes on our 5 Year Journey as a CVE Numbering Authority

As the Common Vulnerabilities and Exposures (CVE®) Program celebrates its 25th anniversary, Bitdefender has reason to be especially proud of this global initiative. As a CVE Numbering Authority (CNA) for the past five years, Bitdefender is one of the organizations authorized to assign CVE IDs to vulnerabilities affecting products within their scope. These IDs are used as a reference when a vulnerability is announced to the public for the first time.

This milestone highlights CVE.org’s critical role in transforming how organizations manage vulnerabilities. Our journey as a CNA started in 2019 and Bitdefender’s contributions have helped enhance the security landscape ever since.

Founded in 1999, the CVE Program has become an indispensable resource for coordinated vulnerability management. From just 321 CVE records 25 years ago, it has now grown to over 240,000, reflecting its vast adoption and collaboration across the globe.

As a CNA since 2019, Bitdefender has been dedicated to assigning CVEs to vulnerabilities discovered in its research, helping to ensure they are properly documented and shared with the cybersecurity community. This ongoing effort strengthens defenses and promotes global collaboration against cyber threats.

The CVE Program now boasts over 400 CNAs across 40 countries, and it continues to expand and evolve, focusing on increasing program adoption, enhancing data quality, and enriching CVE records. Bitdefender remains committed to supporting the CVE Program, and helping secure the future through research and collaboration.

CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE).

To learn more about CVE’s 25 years of achievements, download the CVE 25th Anniversary Report.