This page provides background and status of CVE handling by the O-RAN Software Community.
Background
The MITRE CVE database is a publicly accessible repository that catalogs known cybersecurity vulnerabilities and exposures. Managed by MITRE, it assigns each identified vulnerability a unique CVE-ID, which provides a standardized reference for security professionals worldwide. This consistent naming and classification system helps organizations quickly identify, assess, and address security risks across various software and hardware systems.
Position of O-RAN Software Community
The O-RAN Software Community is driven by contributions from experts whose knowledge, experience, and available time are vital to our projects. Consequently, while we prioritize addressing CVEs, we cannot guarantee that every vulnerability will be analyzed, processed, and resolved in a systematic manner. Nonetheless, our community is strongly committed to addressing these issues and continuously enhancing the security of our initiatives.
Several O-RAN SC projects are scanned by SonarCloud; the results are publicly available [1][2].