A4 Refereed article in a conference publication

Mining social networks of open source CVE coordination

Authors: Jukka Ruohonen, Sampsa Rauti, Sami Hyrynsalmi, Ville Leppänen

Editors: Miroslaw Staron, Wilhelm Meding

Conference name: International Workshop on Software Measurement

Publication year: 2017

Book title: Proceedings of the 27th International Workshop on Software Measurement and 12th International Conference on Software Process and Product Measurement

First page: 176

Last page: 188

Number of pages: 13

ISBN: 978-1-4503-4853-9

DOI: https://doi.org/10.1145/3143434.3143458

Web address: https://dl.acm.org/citation.cfm?doid=3143434.3143458


Abstract

Coordination is one central tenet of software engineering practices and processes. In terms of software vulnerabilities, coordination is particularly evident in the processes used for obtaining Common Vulnerabilities and Exposures (CVE) identifiers for discovered and disclosed vulnerabilities. As the central CVE tracking infrastructure maintained by the non-profit MITRE Corporation has recently been criticized for time delays in CVE assignment, an almost ideal case is available for studying software and security engineering coordination practices with practical relevance. Given this pragmatic motivation, this paper examines the open source CVE coordination that occurs on the public oss-security mailing list. By combining social network analysis with a data-driven, exploratory research approach, the paper asks six data mining questions with practical relevance. By contemplating answers to these questions by means of descriptive statistics, the paper contributes not only to the contemporary industry debates, but also to the tradition of empirical vulnerability research. The perspective and the case are both novel in this tradition, thus opening new avenues for further empirical inquiries and practical improvements to contemporary CVE coordination.

Last updated on 2024-26-11 at 16:32