Vulnerability Database Hits 20,000 Software-Flaw Mark

Established just a little over a year ago, the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) now contains information on 20,000 computer system vulnerabilities, up from the original 12,000, and the Web site receives hits at a rate of 25 million per year. For those trying to prevent computer system attacks, keeping up with the hundreds of new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names. The NVD provides standard vulnerability names, integrates all publicly available U.S. government resources on vulnerabilities, provides links to industry resources, and provides standardized vulnerability impact scores using the Common Vulnerability Scoring System. This makes it easier to learn about new vulnerabilities and how to remediate them. NVD is updated daily and can be searched by a variety of vulnerability characteristics; including severity, vendor name, software name and version number. At the request of the software industry, in September, 2006, NIST established a forum on the NVD Web site for software vendors to comment on vulnerabilities in their products. NVD is sponsored by the Department of Homeland Security’s US-CERT and is based upon Common Vulnerabilities and Exposures (CVE) work from the MITRE Corporation. For more information, go to http://nvd.nist.gov/.