CNA ScoreCard
📊 CVE Data Completeness Analysis
Comprehensive evaluation of CVE record completeness based on the official CVE JSON Schema. This analysis measures how well CNAs populate all available fields and arrays in CVE records, providing insights into data quality and schema adherence across the vulnerability disclosure ecosystem.
📊 Completeness Score Calculation
The Completeness Score is a weighted metric that evaluates how thoroughly CNAs populate CVE record fields:
- Required Fields (70% weight): Schema-mandated fields like descriptions, affected products, and references
- Optional Fields (30% weight): Enhanced fields like CVSS metrics, problem types, solutions, and credits
- Field Coverage: Each field category is scored as the percentage of CVE records containing that field
- Excluded Fields: Ten automatically-populated CVE program fields are excluded from scoring
Note: Required fields are weighted more heavily as they represent minimum compliance with the CVE schema standards.
📈 Overall Completeness
Average completeness across all CVE records
⚡ Required Fields
Completeness of schema-required fields
➕ Optional Fields
Utilization of optional schema fields
🏛️ CNAs Analyzed
CVE Numbering Authorities evaluated
CNA Completeness Rankings
CNAs ranked by their overall data completeness score. Higher scores indicate better utilization of the CVE schema fields.
| Rank | CNA | Completeness Score | Required Fields | Optional Fields | CVE Count | Percentile |
|---|
📋 Schema Field Analysis
Detailed analysis of individual CVE schema fields and their utilization across all records.
Problematic CVEs: Missing Required Fields
Browse the complete list of problematic CVE records that lack schema-required fields. These CVE entries fail to meet basic completeness standards and require CNA attention to resolve data quality issues.
View Bad CVEs List →