CVE data sources, assigners
Vendors, researchers, open source projects, CERTs, hosted service providers, and bug bounty provider organizations can be authorized
by the CVE Program to assign CVE IDs to vulnerabilities and publish CVE Records within their own specific scopes of coverage,
e.g for their own products.