Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new compatible products, new website features, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is approved by the CVE Editorial Board, which is comprised of leading representatives from the information security community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE Identifiers in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/June 29, 2015
-------------------------------------------------------
Contents:
1. CVE List Surpasses 70,000 CVE-IDs
2. CVE Identifiers Used throughout Trustwave's "2015 Trustwave Global Security Report"
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE List Surpasses 70,000 CVE-IDs
On June 24, 2015 the CVE website surpassed the 70,000 CVE Identifiers (CVE-IDs) milestone with 70,036 unique cyber security issues with publicly known names posted on the CVE List.
CVE, which began in 1999 with just 321 common names on the CVE List, is considered the international standard for public software vulnerability names. Cyber security professionals and product vendors from around the world use CVE-IDs as a standard method for identifying vulnerabilities; facilitating their work processes; and cross-linking among products, services, and other repositories that use the identifiers.
Each of the 70,000+ identifiers on the CVE List includes the following: CVE Identifier number, brief description of the security vulnerability, and pertinent references such as vulnerability reports and advisories.
Visit the CVE List page at https://cve.mitre.org/cve to download the complete list in various formats or to look-up an individual identifier. Fix information, enhanced searching, and a Common Vulnerability Scoring System (CVSS) calculator for scoring the severity of CVE-IDs are available from U.S. National Vulnerability Database (NVD) at https://nvd.nist.gov/home.cfm.
LINKS:
CVE List -
https://cve.mitre.org/cve
NVD -
https://nvd.nist.gov/home.cfm
News page Article -
https://cve.mitre.org/news/index.html#june262015_CVE_List_Surpasses_70,000_CVE_IDs
---------------------------------------------------------------
CVE Identifiers Used throughout Trustwave's "2015 Trustwave Global Security Report"
CVE-IDs are cited throughout Trustwave's "2015 Trustwave Global Security Report" to uniquely identify the vulnerabilities referenced in the report text and several of the charts.
CVE was also specifically mentioned in a section of the report that discussed "Celebrity Vulnerabilities' such as "Heartbleed," "Shellshock," "Poodle," and others. The report states: "For the purpose of this discussion, we define "celebrity" vulnerabilities as those such as Heartbleed that receive memorable names, and sometimes logos, from their discoverers. For years, researchers have assigned quirky names to the malware they discover - for example, the Melissa virus. Catch names and logos can help spread the word more quickly, and in 2014 this trend extended beyond malware to vulnerabilities. Prior, the security community generally referenced flaws with the Common vulnerabilities and Exposures (CVE) numbering standard (e.g., CVE-2014-0160). In 2014, a number of celebrity vulnerabilities made headlines. Higher-profile promotion of security weaknesses no doubt led to quicker patching among businesses."
The free report is available for download at https://www2.trustwave.com/GSR2015.html?utm_source=webbanner&utm_medium=web&utm_campaign=GSR. You must fill-out a form to download the report.
LINKS:
Report -
https://www2.trustwave.com/GSR2015.html?utm_source=webbanner&utm_medium=web&utm_campaign=GSR
CVE-IDs -
https://cve.mitre.org/cve
News page Article -
https://cve.mitre.org/news/index.html#june182015_CVE_Identifiers_Used_throughout_Trustwavess_2015_Trustwave_Global_Security_Report
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* "CVE-2015-2865" Cited in Numerous Security Advisories and News Media References about the Samsung Galaxy Keyboard Vulnerability
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2015, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE Web site at https://cve.mitre.org or send an email to cve@mitre.org.
No comments:
Post a Comment