A common language for security vulnerabilities
Source: ZDNet - Posted by Dave Wreski   
When hackers want to breach your systems, they typically look for well-known security flaws and bugs to exploit. In the past, vendors and hackers gave different names to the same vulnerabilities. One company might package a group of five vulnerabilities into a patch or service pack and call it by one name, while another vendor might call the same group by five separate names. This confused IT decision makers who evaluated security products. It was difficult to compare scanning and intrusion detection tools because the vulnerabilities and exposures that they checked for had different names depending on the vendor's naming conventions.

Fortunately, MITRE is changing that.

MITRE, a non-profit systems engineering corporation, has created a standard Common Vulnerabilities and Exposures (CVE) list. Thanks to the CVE list, you can now evaluate three security vulnerability scanners and ask, "How many CVEs does the tool cover?" and have a valid basis for comparison.

Read this full article at ZDNet
