Joined: 29 Mar 2003 Posts: 3 Location: East Coast, USA
Posted: Tue Jun 24, 2003 7:21 pm Post subject: A Dictionary For Vulnerabilities
A Dictionary For Vulnerabilities
By Larry Seltzer(larryseltzer@ziffdavis.com)
Quote:
If you ever read security vulnerabilities you eventually run into a notation looking like "CVE-2002-0947." This is a standard naming convention for vulnerabilities called Common Vulnerabilities and Exposures (CVE). CVE is administered by a company called Mitre, a non-profit company that operates governmental research facilities and other such cool things. In addition to hosting the CVE list, Mitre acts as the editor for aspects of list development. But the most important decisions are made by an editorial board with representatives of security and software firms.
CVE is an important part of modern security efforts but it could be more important. The main function of CVE is to provide security-related programs a common naming set for vulnerabilities on which they may operate. Security products, vulnerability scanners for example, usually provide mappings to CVE names. For example, Netcraft has a network vulnerability scanning service called [url=news.netcraft.com/archives/2003/01/01/automated_security_testing.html]Netcraft Network Examination[/url] which provides mappings to CVE names for the vulnerabilities it finds. The CVE site has [url=cve.mitre.org/compatible/product.html]a list of CVE-compatible products[/url], including an [url=cve.mitre.org/compatible/phase2/Netcraft_NNE.html]entry for Netcraft[/url].
Full Article: [url=security.ziffdavis.com/article2/0,3973,1134336,00.asp]A Dictionary For Vulnerabilities[/url]
This is a good article explaining CVE, a valuable resource for secuity researchers to track and catalog vulnerabilities.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum