CVE Data Quality Assessment Framework
The CVE Consumer Working Group is developing a Data Quality Assessment Framework for CVE records. The framework is built bottom-up from the tasks practitioners actually perform using CVE data — identifying what information each task requires, specifying how that information can fail, and defining computable metrics for each failure mode.
The documents on this site are working drafts open for review by working group members. Submit feedback by commenting on individual paragraphs — hover over any paragraph and click the comment button to open a pre-filled GitHub issue.
Documents
| Document | Description | Status |
|---|---|---|
| Development Process | Six-step methodology and validation gates | Draft — Gate 1 review |
| Role Inventory | 41 practitioner roles across six groups | Draft — Gate 1 review |
| Canonical Tasks | 45 tasks across 19 phases, with role mappings | Draft — Gate 1 review |
| Task Purposes | Mechanism-free purpose statements for all 45 tasks | Draft — Gate 1 review |
How to Review These Documents
Review periods are announced by the co-chairs when new material is ready. There are no formal gated windows — issues may be opened at any time against any document.
To comment on a specific paragraph, hover over the paragraph and click the comment button that appears. This opens a GitHub issue pre-filled with the document name, paragraph reference, and the paragraph text. Add your comment in the space provided and submit. You do not need to copy the paragraph text — it is already included.
A substantive comment is a claim that the content is incorrect, incomplete, or will produce a flawed result if used as-is. Comments about wording or framing that do not affect analytical content will be addressed at the co-chairs’ discretion.
Paragraphs with existing comments show a badge in the margin indicating how many open issues reference that paragraph. Click the badge to see those issues on GitHub. If someone has already raised your concern, add a comment to their issue rather than opening a new one.
You do not need a GitHub account to read the documents. You do need one to submit comments. If you do not have an account and are unable to create one, contact the co-chairs to submit feedback by other means.