Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new compatible products, new website features, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for information security vulnerability names. CVE content is approved by the CVE Editorial Board, which is comprised of leading representatives from the information security community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE Identifiers in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/February 5, 2015
-------------------------------------------------------
Contents:
1. Two Products from Two Organizations Now Registered as Officially "CVE-Compatible"
2. CVE-IDs Now Being Issued in the New Numbering Format
3. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
2 Products from 2 Organizations Now Registered as Officially "CVE-Compatible"
Two additional information security products have achieved the final stage of MITRE's formal CVE Compatibility Process and are now officially "CVE-Compatible." Each product is now eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed "CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as part of the organization's listing on the CVE-Compatible Products and Services page on the CVE website. A total of 145 products to date have been recognized as officially compatible.
The following products are now registered as officially "CVE-Compatible":
* WPScan - WPScan Vulnerability Database
* Beijing Netpower Technologies Inc. - Netpower Network Vulnerability Scanner
Use of the official CVE-Compatible logo will allow system administrators and other security professionals to look for the logo when adopting vulnerability management products and services for their enterprises. The compatibility process questionnaire will help end-users compare how different products and services satisfy the CVE compatibility requirements, and therefore which specific implementations are best for their networks and systems.
For additional information about CVE compatibility and to review all products and services listed, visit the CVE Compatibility Process and CVE-Compatible Products and Services on the CVE website.
LINKS:
WPScan Vulnerability Database -
https://cve.mitre.org/compatible/questionnaires/163.html
Netpower Network Vulnerability Scanner -
https://cve.mitre.org/compatible/questionnaires/164.html
WPScan -
http://wpvulndb.com/
Beijing Netpower Technologies Inc. -
http://www.netpower.com.cn/
CVE-Compatible Products and Services -
https://cve.mitre.org/compatible/
Process -
https://cve.mitre.org/compatible/process.html
Make a Declaration -
https://cve.mitre.org/compatible/make_a_declaration.html
News page article -
https://cve.mitre.org/news/index.html#February042015_1_Product_from_WPScan_Now_Registered_as_Officially_CVE_Compatible
News page article -
https://cve.mitre.org/news/index.html#February042015_1_Product_from_Beijing_Netpower_Technologies_Now_Registered_as_Officially_CVE_Compatible
---------------------------------------------------------------
CVE-IDs Now Being Issued in the New Numbering Format
The first ever CVE-ID numbers issued in the new CVE-ID numbering format were posted to the CVE List on January 13, 2015 for vulnerabilities disclosed in 2014: CVE-2014-10001 with 5 digits and CVE-2014-100001 with 6 digits.
The format of CVE-ID numbers was changed last year, in January 2014, so that the CVE project can track 10,000 or more vulnerabilities for a given calendar year. Previously, CVE-IDs were restricted to four digits in the sequence number portion of the ID, for example "CVE-2014-0160", and this four-digit restriction allowed only up to 9,999 vulnerabilities per year. With the new format, CVE-ID numbers may have 4, 5, 6, 7, or more digits in the sequence number if needed in a calendar year. Examples are the just-released "CVE-2014-10001" with 5 digits in the sequence number and "CVE-2014-100001" with 6 digits in the sequence number, or CVE-2014-XXXXXXX with 7 digits in the sequence number, and so on.
Additional CVE-IDs in the new format with 5 and 6 digits in the sequence number were also issued (CVE-2014-10001 through CVE-2014-10039 with 5 digits, and CVE-2014-100001 through CVE-2014-100038 with 6 digits) to identify vulnerabilities disclosed in 2014. Enter these CVE-ID numbers in the search field on the CVE List page to learn more about each issue.
More technical details about the IDs issued in the new format are available in a post on the CVE Editor's Commentary blog on the CVE website at https://cve.mitre.org/cve/edcommentary.html#january132015_CVE_IDs_Posted_Today_for_the_First_Time_Using_the_New_ID_Syntax.
Please report any problems, or anticipated problems, that you encounter with CVE-IDs issued in the new format to cve-id-change@mitre.org.
LINKS:
CVE-ID Format Change -
https://cve.mitre.org/cve/identifiers/syntaxchange.html
CVE-2014-10001 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10001
CVE-2014-100001 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-100001
CVE List -
https://cve.mitre.org/cve
Technical Guidance & Test Data for the Format Change -
https://cve.mitre.org/cve/identifiers/tech-guidance.html
Help -
cve-id-change@mitre.org
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Editorial Board on all matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2015, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE Web site at https://cve.mitre.org or send an email to cve@mitre.org.
Learn more about Making Security Measurable at http://measurablesecurity.mitre.org and Strengthening Cyber Defense at http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-resources/standards.
