This new document will define the requirements and evaluation criteria for GCVE Numbering Authorities (GNAs) operating within the GCVE ecosystem. It establishes a standardized framework to assess the extent to which GNAs adhere to the GCVE Best Current Practice (BCP) series, covering governance, allocation quality, disclosure processes, data interoperability, and synchronization with the GCVE reference implementation. To promote transparency and consistency, this BCP also introduces a standard set of conformance fields to be embedded in the GCVE directory JSON format, enabling automated reporting and public visibility of each GNA’s current compliance status. The objective of this document is to ensure accountability while preserving the decentralized nature of GCVE, support continuous improvement, and strengthen trust in the accuracy and integrity of vulnerability identification across the GCVE network.
Some additional factors which can be check automatically:
- Verify the GNA maintains a public statement of disclosure policy.
- Ensure they provide a contact point for vulnerability coordination.
- Confirm the GNA keeps stable identifiers for references (perma-links, hashes, Git commit IDs). Ratio of 404 versus 200.