If you do not find the information you are looking for below or need clarification please contact Kurt Seifried via email ([email protected]) to ask your questions, and so that the below information can be updated/added to.
The legacy security vulnerbaility ecosystem lacks innovation and has ceased to grow in pace with software. What progress was made has not resulted in significantly more public security vulnerbaility identifiers being issued. It should also be noted that this lack of coverage is a known problem that is not being addressed properly by the existing legacy security vulnerbaility ecosystem at this time (e.g. https://www.youtube.com/watch?v=WmC65VrnBPI&t=2178s).
The first incarnation of the DWF was created as an independent effort and made efforts to work with the legacy MITRE CVE ID system. In fact the DWF did become a CNA (CVE Numbering Authority) and the founder, Kurt Seifried, joined the CVE Board (https://cve.mitre.org/community/board/index.html). During this time Kurt Seifried managed to push MITRE to use a JSON data format, previously there were only legacy formats (txt, csv, html and xml (https://cve.mitre.org/data/downloads/index.html) and in fact these legacy formats are still the only ones supported by MITRE. Additionally, Kurt Seifried get MITRE to start using GitHub, however this is still labelled as a pilot project.
The previous incarnation of the DWF was found to be unsustainable and the DWF was shutdown in early 2019.
In January of 2021 Kurt Seifried resigned from the CVE board. The second incarnation of the DWF was started shortly after as an effort to improve the security vulnerbaility ecosystem.
The current focus of the DWF is: