This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc. right to your email inbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/July 16, 2008
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Identifiers Now Included in Oracle's "Critical Patch Updates"
Oracle is now including CVE Identifiers (CVE-IDs) in its quarterly
Critical Patch Update (CPU) documentation. "The July 2008 Critical
Patch Update" was released on July 15, 2008.
"Oracle is delighted to become a Candidate Naming Authority under
CVE. The adoption of CVE, along with our use of CVSS is further
evidence of Oracle's desire to lead the industry in terms of secure
development and remediation practices," said Mary Ann Davidson,
Oracle CSO. "While the CPU documentation will remain the main
source of information about vulnerabilities in Oracle products, we
believe that the use of unique CVE Identifiers should result in
helping to simplify how Oracle vulnerabilities are identified in
external security reports such as those produced by security
researchers and vulnerability management systems."
Over 70 organizations from around the world have included CVE-IDs
in their security advisories, ensuring that the community benefits
by having CVE-IDs as soon as the problem is announced.
"Including CVE-IDs in the initial public announcement of security
fixes is of great benefit to security managers of enterprises that
use Oracle software," said Robert Martin, CVE Outreach Lead. "This
will help those enterprises manage their Oracle patching effort in
the same manner as they manage their vulnerability and patching
efforts for the rest of their applications and operating systems
software. Including CVE-IDs is definitely something we encourage
of every software product vendor."
The other software companies independently issuing CVE-IDs for
their products include Cisco, Red Hat, Debian, HP, FreeBSD, Ubuntu
Linux, Microsoft, and Apple.
LINKS:
Oracle's July 2008 Critical Patch Update -
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
Common Vulnerability Scoring System (CVSS) -
http://www.first.org/cvss/
Organizations Including CVE-IDs -
http://cve.mitre.org/compatible/alerts_announcements.html
CVE List - http://cve.mitre.org/cve
-------------------------------------------------------------
UPCOMING EVENT:
MITRE Scheduled to Host CVE/'Making Security Measurable' Booth at
"Black Hat Briefings 2008" on August 6-7
MITRE is scheduled to host a Making Security Measurable booth at
"Black Hat Briefings 2008" at Caesars Palace Las Vegas on August
6-7, 2008 in Las Vegas, Nevada, USA.
Visit us at Booth A and learn how information security data
standards facilitate both effective security process coordination
and the use of automation to assess, manage, and improve the
security posture of enterprise security information
infrastructures.
See the CVE Calendar on the CVE Web site for information on this
and other events.
LINKS:
Black Hat Briefings 2008 -
http://www.blackhat.com/html/bh-usa-08/bh-us-08-main.html
Making Security Measurable - http://measurablesecurity.mitre.org/
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Gamasec Ltd. Makes Declaration of CVE Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.
