DWF (Distributed Weakness Filing) Number Authority Project
This project is run by a (currently) anonymous group of security researchers and depends on community involvement/agreement in order to function as intended.
The goal of this project is to allow well-known security researchers and company security teams to assign DWF-style identifiers to security vulnerabilities with minimal over head.
The process for this is simple:
-
Each researcher/team is assigned a block of 1000 IDs, which is constant from year to year. For example, a researcher or team may be granted DWF-YEAR-34000 to DWF-YEAR-34999. When coordinating or disclosing a vulnerability, they can assign their own ID to the issue(s) rather than contact a central body for assignment.
-
Researchers or teams that wish to register must submit a pull request with the following information: the researcher/team name, a valid contact email address, and a URL for where security advisories with the self-assigned DWFs will be published (e.g. a link to a blog, mail list archive, etc.).
-
In the event of a duplicate assignment, a preference will be given to the ID publicly assigned and published first. We will update our database to point duplicates at the original assignment.
-
If the researcher has any questions or concerns they can contact us for help at distributedweaknessfiling@gmail.com