The National Institute of Standards and Technology has launched the National Vulnerabilities Database (NVD), a comprehensive collection of computer security weaknesses. NVD collates cybersecurity warnings from various US government sources, including the Computer Emergency Readiness Team (CERT). The database contains about 12,000 listings, with 10 a day being added.
The database is built on the Common Vulnerabilities and Exposures dictionary, a standard naming convention for computer vulnerabilities.
Anyone can subscribe to an RSS feed to receive notifications of new additions to the database. In a story on FCW.com, NIST scientist Peter Mell explained that developers can incorporate the data into their IT security products. The NVD can also generate statistics that reveal vulnerability discovery trends within industry segments and products, Mell said.
There's also a statistics generation engine to chart and graph custom statistics. For instance, Mell told FCW.com, graphs of the database reveal that there are still lots of buffer overflow problems with products, even though tools to eliminate them are available.
A quick search of the database revealed 1127 incidents for "microsoft" and 280 for "apple."