This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc., right to your email inbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/February 27, 2008
-------------------------------------------------------
Contents:
1. Feature Story
2. HOT TOPIC
3. Upcoming Event
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Four Products from Four Organizations Now Registered as Officially
"CVE-Compatible"
Four additional information security products have achieved the
final stage of MITRE's formal CVE Compatibility Process and are
now officially "CVE-Compatible." The products are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and
reviewed "CVE Compatibility Requirements Evaluation" questionnaire
is posted for each product as part of the organization's listing
on the CVE-Compatible Products and Services page on the CVE Web
site. A total of 76 products to date have been recognized as
officially compatible.
The following products are now registered as officially
"CVE-Compatible":
* AdventNet, Inc. - ManageEngine Security Manager Plus
* Assuria Limited - Assuria Auditor
* National Institute of Standards and Technology (NIST) -
National Vulnerability Database (NVD)
* SecureInfo Corporation - Risk Management System (RMS)
Use of the official CVE-Compatible logo will allow system
administrators and other security professionals to look for the
logo when adopting vulnerability management products and services
for their enterprises, and the compatibility process questionnaire
will help end-users compare how different products satisfy the CVE
compatibility requirements, and therefore which specific
implementations are best for their networks and systems.
For additional information about CVE compatibility and to review
all products and services listed, visit the CVE Compatibility
Process and CVE-Compatible Products and Services.
LINKS:
AdventNet, Inc. - http://www.adventnet.com
Assuria Limited - http://www.assuria.com
National Institute of Standards and Technology (NIST) -
SecureInfo Corporation - http://www.secureinfo.com
CVE Compatibility Process -
http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services -
http://cve.mitre.org/compatible/
-------------------------------------------------------------
HOT TOPIC:
CVE Mentioned in "SC Magazine" Article about Vulnerability
Management
CVE was mentioned in an article entitled "Vulnerability
management: weathering the storm" in the February 1, 2008 issue of
"SC Magazine." CVE is mentioned in a section entitled
"Vulnerabilities on the rise" when the author states: "Last year
gave rise to about 7,000 unique vulnerabilities, says Steve
Christey, principal information security engineer at MITRE, which
maintains the Common Vulnerabilities and Exposure (CVE) list, a
dictionary that provides the common names for publicly known
security vulnerabilities. Since 1999, MITRE has tracked some
28,000 vulnerabilities in packaged software. While the sheer
number of bugs is certainly cause for concern, flaws do have one
positive attribute: they provide a tangible way to assess risk,
say experts."
CVE is mentioned again when the author explains that "Each CVE
listing in the National Vulnerability Database, the U.S.
government repository of standards based vulnerability management
data, supports the Common Vulnerability Scoring System (CVSS), an
open framework that standardizes the severity of vulnerabilities
across heterogeneous platforms."
Also included is a quote about CVSS, which states that "CVSS is a way
to provide a consistent risk metric. All of the vulnerability
scanning tools and all of the alerts will use their own definition
of risk, so a consumer of this information, if they're not using
CVSS, might get multiple interpretations of how significant a
single vulnerability is."
The article also mentions MITRE's Common Weakness Enumeration
(CWE) at http://cwe.mitre.org, which is based in part on CVE.
LINKS:
SC Magazine article -
http://www.scmagazineus.com/Vulnerability-management-weathering-the-storm/article/105009/
CVE Web site - http://cve.mitre.org
-------------------------------------------------------------
HOT TOPIC:
MITRE to Host 'Making Security Measurable' Booth at "InfoSec World
2008," March 10-11
MITRE is scheduled to host a Making Security Measurable exhibitor
booth at "InfoSec World Conference & Expo 2008" on March 10-11,
2008 at the Rosen Shingle Creek Resort in Orlando, Florida, USA.
The conference will expose the CVE, CCE, CME, CPE, CWE, CAPEC,
CEE, CRF, OVAL, and Making Security Measurable efforts to
information security professionals from government and industry.
Visit the CVE Calendar for information on this and other events.
LINKS:
Infosec World 2008 -
http://www.misti.com/default.asp?page=65&Return=70&ProductID=5539
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
-------------------------------------------------------------
ALSO IN THIS ISSUE:
* Lenovo Security Technologies, Inc. Makes Declaration of CVE
Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org.