Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new versions, upcoming conferences, new
Web site features, etc. right to your email box. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability names. CVE content results
from the collaborative efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on subscribing (and
unsubscribing) to the email newsletter are at the end. Please feel free to pass this
newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/October 29, 2014
-------------------------------------------------------
Contents:
1. CVE List Surpasses 65,000 CVE Identifiers
2. Technical Guidance & Test Data Available for Updating to the New CVE-ID Format
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE List Surpasses 65,000 CVE Identifiers
The CVE Web site now contains 65,812 unique information security issues with publicly
known names. CVE, which began in 1999 with just 321 common names on the CVE List, is
considered the international standard for public software vulnerability names.
Information security professionals and product vendors from around the world use CVE
Identifiers (CVE-IDs) as a standard method for identifying vulnerabilities; facilitating
their work processes; and cross-linking among products, services, and other repositories
that use the identifiers.
Each of the 65,000+ identifiers on the CVE List includes the following: CVE Identifier
number, brief description of the security vulnerability, and pertinent references such
as vulnerability reports and advisories. Visit the CVE List page to download the
complete list in various formats or to look-up an individual identifier.
IMPORTANT REMINDER: The deadline for compliance with the new CVE-ID numbering format is
rapidly approaching. A CVE-ID number using the new format will be issued either before
the end of 2014 and no later than Tuesday, January 13, 2015. Read our press release at
http://www.mitre.org/news/press-releases/leading-software-vendors-and-cybersecurity-orga
nizations-among-early-adopters-of.
LINKS:
CVE List - https://cve.mitre.org/cve/
CVE-ID numbering format deadline -
https://cve.mitre.org/cve/identifiers/syntaxchange.html
CVE News page article -
https://cve.mitre.org/news/index.html#october272014_CVE_List_Surpasses_65000_CVE_Identif
iers
---------------------------------------------------------------
Technical Guidance & Test Data Available for Updating to the New CVE-ID Format
The format for CVE-IDs changed in January 2014, and CVE-IDs which previously could only
have four fixed digits at the end, e.g., "CVE-2014-0160", can now accommodate five, six,
or more digits at the end. The deadline when a 5-digit CVE-ID will be issued is rapidly
approaching. Organizations that do not update to the new CVE-ID format risk the
possibility that their products and services could break or report inaccurate
vulnerability identifiers, which could significantly impact users' vulnerability
management practices.
To make it easy to update, the CVE Web site provides free technical guidance and CVE
test data for developers and consumers to use to verify that their products and services
will work correctly. In addition, for those who use National Vulnerability Database
(NVD) data, NIST provides test data in NVD format at
http://nvd.nist.gov/cve-id-syntax-change.
Comments or concerns about this guidance, and/or the test data, is welcome at
cve-id-change@mitre.org.
LINKS:
CVE-ID numbering format change - https://cve.mitre.org/cve/identifiers/syntaxchange.html
Technical guidance - https://cve.mitre.org/cve/identifiers/tech-guidance.html
Test data - https://cve.mitre.org/cve/identifiers/tech-guidance.html#test_data
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Celebrates 15 Years!
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board on all matters related to ongoing development of
CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2014, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE Web site at https://cve.mitre.org or send
an email to cve@mitre.org.
Learn more about Making Security Measurable at http://measurablesecurity.mitre.org and
Strengthening Cyber Defense at
http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-resources/standar
ds.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment