What is CVE?

Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. CVE common names make it easier to share data across separate network security databases and tools that are CVE-compatible. CVE also provides a baseline for evaluating the coverage of an organization's security tools, including the security advisories it receives. CVE content is determined by the CVE Editorial Board, which is composed of experts from the international information security community. The MITRE Corporation maintains CVE and manages the CVE Editorial Board.

Security Database uses the publicly known vulnerabilities identified in the CVE List as the basis for most of the SDcon Quotation.

What does it mean to be CVE-Compatible?

"CVE-compatible" means that a tool, Web site, database, or other security product or service uses CVE names in a manner that allows it to be cross-referenced with other products that employ CVE names. CVE-compatible means:

  • CVE SEARCHABLE - A user can search using a CVE name to find related information.
  • CVE OUTPUT - Information is presented that includes the related CVE name(s).
  • MAPPING - The repository owner has provided a mapping relative to a specific version of CVE, and has made a good faith effort to ensure accuracy of that mapping.
  • DOCUMENTATION - The organization's standard documentation includes a description of CVE, CVE compatibility, and the details of how its customers can use the CVE-related functionality of its product or service.

See the CVE Web site for detailed information on how a Web site, tool, database, or other security product/service becomes compatible, and for a complete list of CVE-compatible products and services.

How does Security-Database use CVE?

Security Database is officially CVE-Compatible.

Security Database Alerts quotations are mostly based on the publicly known vulnerabilities identified on the CVE List. CVE names (also called "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. CVE names have "entry" or "candidate" status. Entry status indicates that the CVE name has been accepted to the CVE List, while candidate status (also called "candidates," "candidate numbers," or "CANs") indicates that the name is under review for inclusion in the list.

Each CVE name includes the following:

  • CVE identifier number (e.g., "CVE-1999-0067").
  • Indication of "entry" or "candidate" status.
  • Brief description of the security vulnerability or exposure.
  • Any pertinent references (e.g., vulnerability reports and advisories).

CVE names are used as references in the "CVE-ID" field in all Alerts Vulnerability Definitions stored in the Definitions Repository.

More information on CVE Compatibility?

See the CVE Web site for detailed information on how a Web site, tool, database, or other security product or service becomes compatible, and for a complete list of CVE-compatible products and services.