CNA ScoreCard
A comprehensive evaluation platform that analyzes and scores CVE Numbering Authorities (CNAs) based on the quality and completeness of their vulnerability disclosures. Our Enhanced Aggregate Scoring (EAS) methodology provides objective, data-driven assessments to recognize excellence in vulnerability reporting. The EAS scoring model is open source and available for review in our GitHub repository.
What We Measure
🏗️ Foundational Completeness
Product identification, version details, and high-quality vulnerability descriptions
🔍 Root Cause Analysis
CWE classifications that help developers understand vulnerability patterns
🆔 Software Identification
Presence of valid CPE identifiers for affected products, enabling precise software targeting and automation
⚡ Severity Context
CVSS scores and threat metrics for proper risk assessment
🎯 Actionable Intelligence
References, exploits, and VEX data for immediate security response
📋 Data Format Precision
Structured data formats and machine-readable content for automation