@@ -20,15 +20,19 @@ The security committee of openEuler community is responsible for building commun
+ The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
+ The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Entry added to the list is assigned by a CNA.
+ The CVE List feeds the U.S. National Vulnerability Database (NVD).
#### CVE Value:
+ CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings.
#### CVE is Community Driven:
+ The CVE Program relies on the community (vendors, end users, researchers, and more) to discover and register vulnerabilities.
+ CVE IDs are assigned by CVE Numbering Authorities (CNAs), which are operated on a voluntary basis by participating organizations.
+ The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world.
+ CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.
#### Sponsored by:
+[The CVE Program](https://cve.mitre.org/) is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA, [https://www.cisa.gov/](https://www.cisa.gov/)of the U.S. Department of Homeland Security (DHS) and is operated by [the MITRE Corporation](https://www.mitre.org/) in close collaboration with international industry, academic, and government stakeholders
#### What are CNAs (CVE Numbering Authorities)
+ CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope.
