Thursday, April 3, 2008

CVE Announce - April 3, 2008 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter.
This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc. right to your emailbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/April 3, 2008
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:


CVE List Reaches 30,000 CVE Identifiers

The CVE Web site now contains 30,000 unique information security
issues with publicly known names. CVE, which began in 1999 with
just 321 common names on the CVE List, is considered the
international standard for public software vulnerability names.
Information security professionals and product vendors from around
the world use CVE Identifiers (CVE-IDs) as a standard method for
identifying vulnerabilities, and for cross-linking among products,
services, and other repositories that use the identifiers.

The widespread adoption of CVE in enterprise security is
illustrated by the numerous CVE-Compatible Products and Services
in use throughout industry, government, and academia for
vulnerability management, vulnerability alerting, intrusion
detection, and patch management. Major OS vendors and other
organizations from around the world also include CVE-IDs in their
security alerts to ensure that the international community
benefits by having the identifiers as soon as a problem is
announced. CVE-IDs are also used to uniquely identify
vulnerabilities in public watch lists such as the SANS Top 20 Most
Critical Internet Security Vulnerabilities and OWASP Top 10 Web
Application Security Issues.

CVE has also inspired new efforts. MITRE's Common Weakness
Enumeration (CWE) dictionary of software weakness types is based
in part on the CVE List, and its Open Vulnerability and Assessment
Language (OVAL) effort uses CVE-IDs for its standardized OVAL
Vulnerability Definitions that test systems for the presence of
CVEs. In addition, the U.S. National Vulnerability Database (NVD)
of CVE fix information that is synchronized with and based on the
CVE List recently expanded to include Security Content Automation
Protocol (SCAP) content. SCAP employs community standards to
enable "automated vulnerability management, measurement, and
policy compliance evaluation (e.g., FISMA compliance)," and CVE is
one of the six open standards SCAP uses for enumerating,
evaluating, and measuring the impact of software problems and
reporting results.

Each of the 30,000+ identifiers on the CVE List includes the
following: CVE Identifier number (e.g., "CVE-1999-0067");
indication of "entry" or "candidate" status; brief description of
the security vulnerability; and pertinent references such as
vulnerability reports and advisories or OVAL-ID. Visit the CVE
List page to download the complete list in various formats or to
look up an individual identifier. Fix information and enhanced
searching of CVE are available from NVD.


LINKS:

CVE List - http://cve.mitre.org/cve

National Vulnerability Database (NVD) - http://nvd.nist.gov/


-------------------------------------------------------------
UPCOMING EVENT:


MITRE to Host 'Making Security Measurable' Booth at "RSA 2008,"
April 7-11

MITRE is scheduled to host a Making Security Measurable exhibitor
booth at "RSA 2008" on April 7-11, 2008 at the Moscone Center in
San Francisco, California, USA.

The conference will expose the CVE, CCE, CME, CPE, CWE, CAPEC, CEE,
CRF, OVAL, and Making Security Measurable efforts to information
security professionals from government and industry. Visit the CWE
Calendar for information on this and other events.


LINKS:

RSA 2008 - http://www.rsaconference.com/2008/US/Home.aspx

Making Security Measurable - http://measurablesecurity.mitre.org

CVE Calendar - http://cve.mitre.org/news/calendar.html

-------------------------------------------------------------
ALSO IN THIS ISSUE:


* MITRE Scheduled to Present 'Making Security Measurable' Briefing
at "GOVSEC" on April 24

* MITRE Scheduled to Present 'Making Security Measurable' Briefing
at "CSI Security Exchange 2008" on April 27

* MITRE Presents 'Making Security Measurable' Briefing at "SEPG
North America 2008" on March 18


Read these stories and more news at http://cve.mitre.org/news


---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.
