A Dictionary For Vulnerabilities

Networking/Security Forums -> General Security Discussion

Author: Rottz    Location: East Coast, USA    Posted: Tue Jun 24, 2003 7:21 pm    Post subject: A Dictionary For Vulnerabilities
    ----
A Dictionary For Vulnerabilities
By Larry Seltzer (larryseltzer@ziffdavis.com)
Quote:
If you ever read security vulnerabilities you eventually run into a notation looking like "CVE-2002-0947." This is a standard naming convention for vulnerabilities called Common Vulnerabilities and Exposures (CVE). CVE is administered by a company called Mitre, a non-profit company that operates governmental research facilities and other such cool things. In addition to hosting the CVE list, Mitre acts as the editor for aspects of list development. But the most important decisions are made by an editorial board with representatives of security and software firms.

CVE is an important part of modern security efforts but it could be more important. The main function of CVE is to provide security-related programs a common naming set for vulnerabilities on which they may operate. Security products, vulnerability scanners for example, usually provide mappings to CVE names. For example, Netcraft has a network vulnerability scanning service called [url=news.netcraft.com/archives/2003/01/01/automated_security_testing.html]Netcraft Network Examination[/url] which provides mappings to CVE names for the vulnerabilities it finds. The CVE site has [url=cve.mitre.org/compatible/product.html]a list of CVE-compatible products[/url], including an [url=cve.mitre.org/compatible/phase2/Netcraft_NNE.html]entry for Netcraft[/url].
Full Article: [url=security.ziffdavis.com/article2/0,3973,1134336,00.asp]A Dictionary For Vulnerabilities[/url]

This is a good article explaining CVE, a valuable resource for security researchers to track and catalog vulnerabilities.
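The quoted article's point that CVE gives security tools a common name to map their findings to, shown as an added example that is not part of the original post or the article: two hypothetical scanners with different native check names are correlated on the CVE ID alone. The tool names, hosts, check names and the CVE-1900-* placeholder IDs are constructed; CVE-2002-0947 is the ID quoted in the article.

```python
import re
from collections import defaultdict

# CVE-YYYY-NNNN: four-digit year, sequence number of at least four digits
# (current CVE ID syntax). Matching is case-insensitive; output is normalized.
CVE_ID = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed sample findings. Each tool has its own check naming scheme;
# the CVE reference is the only thing they share.
SCANNER_A = [
    {"host": "10.0.0.5", "check": "A-1042", "refs": "cve-2002-0947"},
    {"host": "10.0.0.5", "check": "A-2210", "refs": "CVE-1900-0001, vendor note 17"},
    {"host": "10.0.0.9", "check": "A-3300", "refs": "no public identifier"},
]
SCANNER_B = [
    {"host": "10.0.0.5", "check": "remote-overflow-77", "refs": "See CVE-2002-0947."},
    {"host": "10.0.0.7", "check": "weak-config-12", "refs": "CVE-1900-00002"},
]

def extract_cves(text):
    """Return the normalized, de-duplicated CVE IDs mentioned in free text."""
    return sorted({f"CVE-{year}-{seq}" for year, seq in CVE_ID.findall(text)})

def correlate(reports):
    """Group findings from several tools by (host, CVE ID).

    Findings without a CVE reference cannot be matched across tools and are
    returned separately so they are not silently dropped.
    """
    merged = defaultdict(dict)
    unmapped = []
    for tool, findings in reports.items():
        for finding in findings:
            ids = extract_cves(finding["refs"])
            if not ids:
                unmapped.append((tool, finding["host"], finding["check"]))
            for cve in ids:
                merged[(finding["host"], cve)][tool] = finding["check"]
    return dict(merged), unmapped

def confirmed_by_all(merged, tools):
    """(host, CVE) pairs that every listed tool reported."""
    return sorted(key for key, hits in merged.items() if set(hits) == set(tools))

if __name__ == "__main__":
    merged, unmapped = correlate({"A": SCANNER_A, "B": SCANNER_B})
    print("reported by both:", confirmed_by_all(merged, ["A", "B"]))
    print("no CVE mapping:", unmapped)
```

The finding with no CVE reference ends up in the unmapped list: without a shared name, there is nothing to join it on.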

Author: RoboGeek    Location: LeRoy, IL    Posted: Tue Jun 24, 2003 7:33 pm    Post subject:
    ----
Now THAT is darn handy! I've seen that referenced before, but I always just skipped checking out the numbers, or even who generated them.
Now I know.

Author: alt.don    Posted: Tue Jun 24, 2003 7:43 pm    Post subject:
    ----
Heh, I always just assumed that everyone knew about CVE.

Author: Rottz    Location: East Coast, USA    Posted: Tue Jun 24, 2003 7:52 pm    Post subject:
    ----
alt.don wrote:
Heh, I always just assumed that everyone knew about CVE.

I told you, don, you assume WAY TOO MUCH!

Never assume, because it makes an ASS out of U and ME.





All times are GMT + 2 Hours
