Dispute
If an entity actively disagrees with a vulnerability entry or a CVE assigned by our CNA team, it is possible to ask for a dispute.
File a Dispute
To file a dispute, please contact us and state the following with a clear and complete rationale:
- Which VulDB entry and/or CVE assignment you want to dispute
- What the dispute is for (wrong data, false-positive, duplicate for example)
- What the reasoning for the dispute is (including a proof, keep it short and professional)
Result of a Successful Dispute
If a dispute is reasonable, we will flag the entry as disputed via the field advisory_disputed which will be shown on the web site and via the API. The reasoning statement by the disputee is added to the public entry as well.
If an entry is entirely wrong, we will revoke it and reject the associated CVE.
To provide transparency we have to quote or paraphrase a dispute rationale as required by the CVE Record Dispute Policy. Statements might be disclosed unless strictly prohibited. This complies with national and international copyright law.
Disputes for other CNA Entries
We can only process disputes for CVE entries that we are the assigned CNA. CVE entries maintained by other CNAs must be disputed by direct contact with them or their Root-CNA. Please consult the CNA Rules and the associated dispute process for more details.
Uppdaterad: 09/09/2024 förbi VulDB Documentation Team