National Vulnerabilities Database launched

Summary: The National Institute of Standards and Technology has launched the National Vulnerabilities Database (NVD), a comprehensive collection of computer security weaknesses. NVD collates cybersecurity warnings from various US government sources, including the Computer Emergency Readiness Team (CERT).

The National Institute of Standards and Technology has launched the National Vulnerabilities Database (NVD), a comprehensive collection of computer security weaknesses. NVD collates cybersecurity warnings from various US government sources, including the Computer Emergency Readiness Team (CERT). The database contains about 12,000 listings, with 10 a day being added.

The database is built on the Common Vulnerabilities and Exposures dictionary, a standard naming convention for computer vulnerabilities.

Anyone can subscribe to an RSS feed to receive notifications of new additions to the database. In a story on FCW.com, NIST scientist Peter Mell explained that developers can incorporate the data into their IT security products. The NVD can also generate statistics that reveal vulnerability discovery trends within industry segments and products, Mell said.

There's also a statistics generation engine to chart and graph custom statistics. For instance, Mell told FCW.com, graphs of the database reveal that there are still lots of buffer overflow problems with products, even though tools to eliminate them are available.

A quick search of the database revealed 1127 incidents for "microsoft" and 280 for "apple."

Talkback

15 comments
  • Numbers Are Inaccurate...Report It Right ZDNet

    If you do a search, search on US-CERT Technical Alerts or Vulnerability Notes, not OVAL...who the heck is OVAL...I've always gotten my vulnerability info from US-CERT.

    Here are the numbers:

    Microsoft - 212
    Apple - 58
    Linux - 107
    Unix - 64
    itanalyst
    • Still Proves Microsoft SUCKS

      <NT>
      itanalyst
      • Comparing a kernel to entire OS proves....what?

        .....
        toadlife
    • RE: who the heck is OVAL

      http://oval.mitre.org/
      "OVAL is an international, information security community baseline standard for how to check for the presence of vulnerabilities and configuration issues on computer systems."

      Say, "Thank you Squawk"

      "Why you're welcome Itanalyst, it is my pleasure to be of service."
      Squawkbox
      • Why Thank You Squawk!

        <nt>
        itanalyst
        • Just teasing with you

          I was wondering who/whom or what they were too.
          Squawkbox
    • They should only count the open ones ...

      ... for Apple and Linux but count all of them for Microsoft! :) That way the Linux and MAC lemmings will be happy. Seriously it shows what they intended it to show. When you start your organization you can show it your way!
      ShadeTree
      • Fair and accurate are fair and accurate and not open

        to opinion and spin. Anything other than fair and accurate is
        spin.

        Why someone or some organization would choose anything but
        fair and accurate is open to speculation I suppose but in the
        end you and your report are either correct or not there should
        never be any middle ground.

        So what did they "intend" to show anyway?

        Pagan jim
        Laff
        • why? because IT is a mystery to some people

          why? because IT is a mystery to some people so they base their decisions on myth and faith instead of fact.

          i.e. it's a religion not a science
          thornec@...
    • Who is OVAL ...

      OVAL is . . .

      an international, information security community baseline standard for how to check for the presence of vulnerabilities and configuration issues on computer systems.

      OVAL standardizes the three main steps of the process with an OVAL System Characteristics Schema for collecting configuration data from systems for testing; OVAL Definitions to test for the presence of specific vulnerabilities, configuration issues, and/or patches; and an OVAL Results Schema for reporting the results from the evaluated systems.

      The tests are standardized, machine-readable XML Vulnerability Definitions, Compliance Definitions, and Patch Definitions. OVAL's schemas and definitions are all free to download, use, reference, and implement.

      http://oval.mitre.org/
      jjsholley@...
  • Half of the errors have been resolved...

    When looking at the "vulnerabilities" list I noticed about half of
    them have been resolved (at least on the mac side).

    Shouldn't this be for "open" vulnerabilities?
    TheCrow_z
  • It is clearly very useful to have all the

    vulnerabilities, especially the unpatched ones, listed in ONE place.

    Why is it reasonable for the hackers to know the vulnerabilities WAY AHEAD of the public?

    Does anyone believe that hackers wait for the public announcements to figure out a vulnerability? Are these same people interested in purchasing a nice bridge over the Potomac river?

    -m
    michael_t
  • Interesting List

    IMHO.
    OptimusPrime
  • Great resource for hackers!

    Knowing that sometimes it takes years before most folk are patched.



    Buy Mac!
    Reverend MacFellow
  • I use Google

    I use google and don't need a centralized database to find bugs in software. hacker noobies
    thornec@...