CNA ScoreCard

A comprehensive evaluation platform that analyzes and scores CVE Numbering Authorities (CNAs) based on the quality and completeness of their vulnerability disclosures. Our Enhanced Aggregate Scoring (EAS) methodology provides objective, data-driven assessments to recognize excellence in vulnerability reporting. The EAS scoring model is open source and available for review in our GitHub repository.

What We Measure

🏗️ Foundational Completeness

Product identification, version details, and high-quality vulnerability descriptions

🔍 Root Cause Analysis

CWE classifications that help developers understand vulnerability patterns

🆔 Software Identification

Presence of valid CPE identifiers for affected products, enabling precise software targeting and automation

⚡ Severity Context

CVSS scores and threat metrics for proper risk assessment

🎯 Actionable Intelligence

References, exploits, and VEX data for immediate security response

Live Data: Automatically updated every 6 hours from the official CVE database
Time Range: Last 6 months of CVE publications
Methodology: Enhanced Aggregate Scoring (EAS) with 100-point scale
Loading CNA data...