AOH :: IS1146.HTM

National Vulnerability Database updated, upgraded

National Vulnerability Database updated, upgraded
National Vulnerability Database updated, upgraded

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By William Jackson

What=E2=80=99s in a name? Quite a lot, actually. A wealth of information is 
available on information technology threats and vulnerabilities and the 
best practices for countering them, but matching that information to 
your needs can be difficult.

According to a paper Mitre Corp. published in 2007, =E2=80=9CDescriptions of 
vulnerabilities and configuration best practices have greater utility 
when all participants share common names for the entities described.=E2=80=9D 
The not-for-profit organization develops and maintains a number of 
standardized IT naming conventions.

The National Institute of Standards and Technology has incorporated 
Mitre=E2=80=99s Common Platform Enumeration in the latest version of the 
National Vulnerability Database, a comprehensive repository of 
information on potential vulnerabilities in computer systems. NIST is 
applying the CPE product-naming scheme in the NVD dictionary that 
identifies names of products such as operating systems and applications.

Experienced systems administrators and security analysts can get by with 
informal naming systems for platforms and products when they are dealing 
with vulnerabilities and configuration issues. But automated security 
practices require a more consistent and structured naming scheme that 
allows tools and people to identify the IT platforms to which a 
vulnerability or security guidance applies. With a clear naming scheme, 
administrators can generate IT platform names consistently and 

NIST made more than 80,000 updates to NVD in preparation for the latest 
upgrade, which enables greater automation of security processes. Data in 
the earlier NVD product dictionary was suitable only for human use 
because its structure was loosely defined. However, the new dictionary 
enables the data to be used in machine-to-machine communications. For 
example, a database of network assets listing hardware, software, 
patches and service packs can be correlated with a database of security 
vulnerabilities, thereby identifying vulnerabilities that might be 
present on instances of software. That is made possible by linking NVD=E2=80=99s 
large repository of vulnerability information to standard product names.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 

Site design & layout copyright © 1986-2015 CodeGods