Cve

The SECMONS Vulnerability Policy defines how vulnerabilities are researched, verified, categorized, updated, and corrected. It outlines disclosure standards, exploitation labeling, dispute handling, and limitations of responsibility.

CVE (Common Vulnerabilities and Exposures) is the global identifier standard for publicly disclosed software and hardware vulnerabilities. This SECMONS glossary entry explains CVE structure, who assigns CVEs, how CVEs relate to CVSS and CWE, and how teams use CVEs for patching, risk, and incident response.

Vulnerability Management is the continuous process of discovering, assessing, prioritizing, and remediating security weaknesses across systems and applications. This SECMONS glossary entry explains how vulnerability management works, how it differs from patch management, and how organizations reduce real-world risk.