Hello Fedora Council

We recently launched FedoraCVE.org, a community driven, non profit initiative built by two experienced security engineers from Red Hat Product Security (darunesh@redhat.com and saroy@redhat.com). Our goal is to improve visibility into Fedora related CVEs and provide clearer insight into the security status of packages across the Fedora ecosystem. After announcing the project, we learned that using the "Fedora" name and trademarks requires Council approval, and we sincerely apologize for this oversight.

We created this platform because Fedora users today lack authoritative, timely clarity on vulnerability status - whether a CVE is acknowledged, unfixed, silently fixed, or under investigation. This information gap introduces real security risk and undermines trust for both users and maintainers. A structured reporting approach, such as official VEX-style communication, would offer transparency, predictability, and a stronger overall security posture for Fedora.

For this initiative, we have acquired the domains fedoracve.org and the codebase is hosted at: https://github.com/FedoraCVE/fedora-cve-dashboard. We respectfully request formal review and approval of the project's name and trademark usage.

[](/Fedora-Council/tickets/issue/raw/files/e3704ca347f2ba0b8644b5f8d29f3e89d929489b926113b6606ac281e9161570-Screenshot_2025-11-26_at_15-20-40_Fedora_CVE_Dashboard_Security_Monitoring.png)
[](/Fedora-Council/tickets/issue/raw/files/d476040b2fd81a5302b1c429c54bf323f5acd5dd1c86455e64dc066d1e6342d1-Screenshot_2025-11-26_at_15-20-25_Advanced_Package_Analytics_Fedora_CVE_Dashboard.png)