Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cybersecurity vulnerabilities.

Use of CVE Entries, which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables automated data exchange.

CVE is:

- One identifier for one vulnerability or exposure
- One standardized description for each vulnerability or exposure
- A dictionary rather than a database
- How disparate databases and tools can "speak" the same language
- The way to interoperability and better security coverage
- A basis for evaluation among services, tools, and databases
- Free for public download and use
- Industry-endorsed via the CVE Numbering Authorities, CVE Board, and numerous products and services that include CVE

Why CVE

With & Without CVE

CVE was launched in 1999 when most cybersecurity tools used their own databases with their own names for security vulnerabilities. At that time there was significant variation among products and no easy way to determine when the different databases were referring to the same problem. The consequences were potential gaps in security coverage and no effective interoperability among the disparate databases and tools. In addition, each tool vendor used different metrics to state the number of vulnerabilities or exposures they detected, which meant there was no standardized basis for evaluation among the tools.

CVE’s common, standardized identifiers provided the solution to these problems.

CVE is now the industry standard for vulnerability and exposure identifiers. CVE Entries — also called "CVEs," "CVE IDs," and "CVE numbers" by the community — provide reference points for data exchange so that cybersecurity products and services can speak with each other.
CVE Entries also provide a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs. In short, products and services compatible with CVE provide better coverage, easier interoperability, and enhanced security.