• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

A Dictionary For Vulnerabilities

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Tue Jun 24, 2003 7:21 pm    Post subject: A Dictionary For Vulnerabilities Reply with quote

A Dictionary For Vulnerabilities
By Larry Seltzer(larryseltzer@ziffdavis.com)
Quote:
If you ever read security vulnerabilities you eventually run into a notation looking like "CVE-2002-0947." This is a standard naming convention for vulnerabilities called Common Vulnerabilities and Exposures (CVE). CVE is administered by a company called Mitre, a non-profit company that operates governmental research facilities and other such cool things. In addition to hosting the CVE list, Mitre acts as the editor for aspects of list development. But the most important decisions are made by an editorial board with representatives of security and software firms.

CVE is an important part of modern security efforts but it could be more important. The main function of CVE is to provide security-related programs a common naming set for vulnerabilities on which they may operate. Security products, vulnerability scanners for example, usually provide mappings to CVE names. For example, Netcraft has a network vulnerability scanning service called [url=news.netcraft.com/archives/2003/01/01/automated_security_testing.html]Netcraft Network Examination[/url] which provides mappings to CVE names for the vulnerabilities it finds. The CVE site has [url=cve.mitre.org/compatible/product.html]a list of CVE-compatible products[/url], including an [url=cve.mitre.org/compatible/phase2/Netcraft_NNE.html]entry for Netcraft[/url].
Full Article: [url=security.ziffdavis.com/article2/0,3973,1134336,00.asp]A Dictionary For Vulnerabilities[/url]

This is a good article explaining CVE, a valuable resource for secuity researchers to track and catalog vulnerabilities.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
RoboGeek
SF Mod
SF Mod


Joined: 13 Jun 2003
Posts: 16777166
Location: LeRoy, IL

Offline

PostPosted: Tue Jun 24, 2003 7:33 pm    Post subject: Reply with quote

now THAT is darn handy! I've seen that referenced before, but I always just skipped checking out the numbers, or even who generated them.
Now I know Very Happy
Back to top
View user's profile Send private message Visit poster's website
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Tue Jun 24, 2003 7:43 pm    Post subject: Reply with quote

Heh, I always just assumed that everyone knew about CVE.
Back to top
View user's profile Send private message Visit poster's website
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Tue Jun 24, 2003 7:52 pm    Post subject: Reply with quote

alt.don wrote:
Heh, I always just assumed that everyone knew about CVE.

I told you don, you assume WAY TOO MUCH! Wink

Never assume, because it makes an ASS out of U and ME Razz Laughing
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register