Wednesday, February 16, 2011

CVE Announce - February 16, 2011 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/February 16, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE List Surpasses 45,000 CVE Identifiers

The CVE Web site now contains 45,069 unique information security issues with
publicly known names. CVE, which began in 1999 with just 321 common names on
the CVE List, is considered the international standard for public software
vulnerability names. Information security professionals and product vendors
from around the world use CVE Identifiers (CVE-IDs) as a standard method for
identifying vulnerabilities, and for cross-linking among products, services,
and other repositories that use the identifiers.

The widespread adoption of CVE in enterprise security is illustrated by the
numerous CVE-Compatible Products and Services in use throughout industry,
government, and academia for vulnerability management, vulnerability
alerting, intrusion detection, and patch management. Major OS vendors and
other organizations from around the world also include CVE-IDs in their
security alerts to ensure that the international community benefits by
having the identifiers as soon as a problem is announced. CVE-IDs are also
used to uniquely identify vulnerabilities in public watch lists such as the
SANS Top Cyber Security Risks and OWASP Top 10 Web Application Security
Issues.

CVE has also inspired new efforts. MITRE's Common Weakness Enumeration (CWE)
dictionary of software weakness types is based in part on the CVE List, and
its Open Vulnerability and Assessment Language (OVAL) effort uses CVE-IDs
for its standardized OVAL Vulnerability Definitions that test systems for
the presence of CVEs. In addition, the U.S. National Vulnerability Database
(NVD) of CVE fix information that is synchronized with and based on the CVE
List also includes Security Content Automation Protocol (SCAP) content. SCAP
employs community standards to enable "automated vulnerability management,
measurement, and policy compliance evaluation (e.g., FISMA compliance)," and
CVE is one of the six existing open standards SCAP uses for enumerating,
evaluating, and measuring the impact of software problems and reporting
results.

Each of the 45,000+ identifiers on the CVE List includes the following: CVE
Identifier number (e.g., "CVE-1999-0067"); brief description of the security
vulnerability; and pertinent references such as vulnerability reports and
advisories or OVAL-ID. Visit the CVE List page to download the complete list
in various formats or to look up an individual identifier. Fix information
and enhanced searching of CVE are available from NVD.

LINKS:

CVE List - http://cve.mitre.org/cve/

NVD - http://nvd.nist.gov/

CVE-Compatible Products and Services -
http://cve.mitre.org/compatible/compatible.html

---------------------------------------------------------------
HOT TOPIC:

Visit the CVE/Making Security Measurable Booth at "RSA 2011," February 14-18

Members of the CVE Team will be in attendance at MITRE's Making Security
Measurable booth at "RSA 2011" underway right now at the Moscone Center in
San Francisco, California, USA.

Please stop by Booth 2617 and say hello!

LINKS:

RSA 2011 - http://www.rsaconference.com/2011/usa/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* 1 Product from Neusoft Corporation Now Registered as Officially
"CVE-Compatible"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.

Thursday, February 10, 2011

CVE Announce - February 11, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/February 11, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE/Making Security Measurable Booth at "RSA 2011," February 14-18

MITRE is scheduled to host a Making Security Measurable booth at "RSA 2011"
at the Moscone Center in San Francisco, California, USA, on February 14-18,
2011. Attendees will learn how information security data standards such as
CVE, OVAL, CWE, CAPEC, MAEC, CCE, CEE, etc., facilitate both effective
security process coordination and the use of automation to assess, manage,
and improve the security posture of enterprise security information
infrastructures.

Members of the CVE Team will be in attendance. Please stop by Booth 2617 and
say hello!

LINKS:

RSA 2011 - http://www.rsaconference.com/2011/usa/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
HOT TOPIC:

1 Product from Neusoft Corporation Now Registered as Officially
"CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 114 products to date have been recognized as
officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Neusoft Corporation - NISG-IPS

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Neusoft Corporation - http://www.neusoft.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Booth at "Black Hat DC 2011"

Read these stories and more news at http://cve.mitre.org/news
