Author Topic: CVE is a list of common identifiers for publicly known cybersecurity threats  (Read 631 times)

0 Members and 1 Guest are viewing this topic.

Software Santa

  • Administrator
  • *****
  • Join Date: Dec 2006
  • Posts: 5232
  • Operating System:
  • Linux (Ubuntu) Linux (Ubuntu)
  • Browser:
  • Firefox 75.0 Firefox 75.0
Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cybersecurity vulnerabilities.

Quote
Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cybersecurity vulnerabilities.

Use of CVE Entries, which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables automated data exchange.
CVE is:

    One identifier for one vulnerability or exposure
    One standardized description for each vulnerability or exposure
    A dictionary rather than a database
    How disparate databases and tools can "speak" the same language
    The way to interoperability and better security coverage
    A basis for evaluation among services, tools, and databases
    Free for public download and use
    Industry-endorsed via the CVE Numbering Authorities, CVE Board, and numerous products and services that include CVE

Back to top
Why CVE
With & Without CVE

CVE was launched in 1999 when most cybersecurity tools used their own databases with their own names for security vulnerabilities. At that time there was significant variation among products and no easy way to determine when the different databases were referring to the same problem. The consequences were potential gaps in security coverage and no effective interoperability among the disparate databases and tools. In addition, each tool vendor used different metrics to state the number of vulnerabilities or exposures they detected, which meant there was no standardized basis for evaluation among the tools.

CVE’s common, standardized identifiers provided the solution to these problems.

CVE is now the industry standard for vulnerability and exposure identifiers. CVE Entries — also called "CVEs," "CVE IDs," and "CVE numbers" by the community — provide reference points for data exchange so that cybersecurity products and services can speak with each other. CVE Entries also provides a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs. In short, products and services compatible with CVE provide better coverage, easier interoperability, and enhanced security.

https://cve.mitre.org/index.html

https://cve.mitre.org/data/downloads/index.html

 

Software Santa first opened on January 1st, 2007
Now celebrating 17 Years of being a Digital Santa Claus!
Software Santa's Speedy Site is Proudly Hosted by A2 Hosting.

Welcome Visitor:





@MEMBER OF PROJECT HONEY POT
Spam Harvester Protection Network
provided by Unspam



Software Santa Welcome Page

The Software Santa Privacy Policy