/DNA-Registry

DWF (Distributed Weakness Filing) Number Authority Project

GNU General Public License v3.0GPL-3.0

DNA-Registry

DWF (Distributed Weakness Filing) Number Authority Project

This project is run by a (currently) anonymous group of security researchers and depends on community involvement/agreement in order to function as intended.

The goal of this project is to allow well-known security researchers and company security teams to assign DWF-style identifiers to security vulnerabilities with minimal over head.

The process for this is simple:

  1. Each researcher/team is assigned a block of 1000 IDs, which is constant from year to year. For example, a researcher or team may be granted DWF-YEAR-34000 to DWF-YEAR-34999. When coordinating or disclosing a vulnerability, they can assign their own ID to the issue(s) rather than contact a central body for assignment.

  2. Researchers or teams that wish to register must submit a pull request with the following information: the researcher/team name, a valid contact email address, and a URL for where security advisories with the self-assigned DWFs will be published (e.g. a link to a blog, mail list archive, etc.).

  3. In the event of a duplicate assignment, a preference will be given to the ID publicly assigned and published first. We will update our database to point duplicates at the original assignment.

  4. If the researcher has any questions or concerns they can contact us for help at distributedweaknessfiling@gmail.com