CVE - Enterprise Security Enabled by CVE

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Obtain a CVE Identifier
Search CVE
Search NVD
CVE In Use

CVE Compatible Products
NVD for CVE Fix Information
More . . .
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

CVE Compatibility

What It Means to Be Compatible
Process
Requirements
Benefits

Compatible Products and Services

Declarations to Be Compatible
Organizations Participating
Product List
Country List
Product Type List
CVE Identifiers in Advisories
Make a Declaration

Items of Interest

FAQs

Enterprise Security Enabled by CVE

CVE compatibility enables enterprise security through the use of shared CVE names, changing the way organizations use security tools, services, and data sources to address their operational security posture.

A CVE-Enabled Process

In a CVE-enabled process, CVE-compatible vulnerability services, databases, Web sites, and tools can cross-link with other compatible tools and data sources. In this This image pictures the text that surrounds it example, an organization is able to detect an ongoing attack with its CVE-compatible IDS system (A). In a CVE-compatible IDS, specific vulnerabilities that are susceptible to the detected attack are provided as part of the attack report. This information can then be compared against the latest vulnerability scan by your CVE-compatible scanner (B) to determine whether your enterprise has one of the vulnerabilities or exposures that can be exploited by the attack. If it does, you can then access a CVE-compatible site with patches and workarounds for known vulnerabilities at the vendor of the software product, or you can use the services of a vulnerability Web site, which lets you identify (C) the location of the fix for a CVE entry (D), if one exists.

Identifying your risk

Using CVE-compatible products also allows you to improve how your organization responds to security advisories. If the advisory is CVE-compatible, you can see if your scanners check for this threat and then determine whether your IDS has the appropriate attack signatures. If you build or maintain systems for customers, the CVE compatibility of advisories will help you to directly identify any fixes from the vendors of the commercial software products in those systems (if the vendor fix site is CVE-compatible). The result is a much more structured and predictable process for handling advisories than most organizations currently possess.

CVE Compatibility

Refer to the CVE-Compatible Products/Services page for an up-to-date list of compatible vulnerability/exposure alerts, intrusion detection tools, vulnerability databases, vulnerability assessment tools, risk management tools, integrated product suites, and educational and research materials.

Page Last Updated: May 21, 2007