Common Vulnerabilities and Exposures (CVE)
The CVE vulnerability naming scheme is for a dictionary of unique, common names for publicly known software flaws. CVE provides the following:
< A comprehensive list of publicly known software flaws
< A globally unique name to identify each vulnerability
< A basis for discussing priorities and risks of vulnerabilities
< A way for a user of disparate products and services to integrate vulnerability information
A CVE vulnerability entry consists of a unique identifier number, a short description of the vulnerability, and references to public advisories on the vulnerability.
CVE was developed and is maintained by the MITRE Corporation to facilitate the sharing of data among diverse security interests. It can simplify the process of searching for information in security-related databases and on the Internet. The dictionary is the product of collaboration among experts and representatives from security-related organizations worldwide.
CVE are given names according to the year of their formal inclusion and the order in which they were added to the list in that year. For example, CVE-1999-0002 refers to a specific Web-based configuration utility that may allow an unauthorized user to modify a system administrator's password. This item was added in the year 1999 and was given sequence number 002 for that year.
Working with researchers, The MITRE Corporation assigns CVE IDs to publicly known vulnerabilities in commercial and open source software. General information on CVE is available at http://cve.mitre.org/. The National Vulnerability Database (NVD), which is maintained by NIST, provides several ways of accessing CVE entries. NVD offers CVE search capabilities, as well as a variety of XML and RSS data feeds with CVE entries and supplemental information to support security automation technologies. NVD is publicly available at http://nvd.nist.gov/.
The MITRE Corporation maintains information on the use of CVE. Vendors that include CVE identifiers in their security advisories are listed at http://cve.mitre.org/compatible/alerts_announcements.html. Products and services that have been reviewed and evaluated by the MITRE Corporation and determined to be “CVE-compatible”, which means that they meet a set of CVE requirements, are listed at http://cve.mitre.org/compatible/compatible.html.
Hv gr8 day!
ABOUT THE AUTHOR