# Publishing CVEs

1. **Identify a New Vulnerability**: Research the vulnerability you've discovered and make sure it hasn't already been reported. Check whether it already appears in the [MITRE Database](https://cve.mitre.org/) or other databases such as [exploit-db](https://www.exploit-db.com/).
2. **Responsible Disclosure to Vendor**: Contact the product's vendor or owner to report the vulnerability discreetly. Document all communication attempts as proof that you tried multiple times to contact the vendor to remediate the finding before going public with your research.
3. **Work with Cooperative Vendors**: If the vendor is responsive, collaborate on a mitigation strategy and agree on a coordinated disclosure timeline.
4. **Handling Non-Responsive Vendors**: If there's no response, consider waiting for a period (30 to 90 days) before public disclosure. Meanwhile, apply for a CVE ID from MITRE.
5. **Request CVE ID from MITRE**: Submit the vulnerability details to MITRE via the [CVE Submission Form](https://cveform.mitre.org/) to request a CVE ID. This process can take time, and the CVE will initially be in a 'RESERVED' state.
6. **Publishing the CVE**: Once you've waited the agreed-upon time and have the CVE ID, publish your findings on platforms like PacketStorm Security or CX Security. Include the CVE ID in your publication.
7. **Notify MITRE of Publication**: After publishing, inform MITRE with the publication links to update the CVE from 'RESERVED' to 'PUBLISHED'.

Additional References

**Trustwave's Guide**: "A Simple Guide to Getting CVEs Published" offers a comprehensive step-by-step process. [Trustwave Guide](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-simple-guide-to-getting-cves-published/)

<https://infosecwriteups.com/how-to-register-and-publish-a-cve-for-your-awesome-vulnerability-e68a6a5f748f>


