[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[COMPAT] Draft NIST Recommendation for CVE-Compatible Products



The draft NIST recommendation for the usage of CVE-compatible products
is available for commentary by February 18.

See http://csrc.nist.gov/publications/drafts.html

  The draft NIST recommendation "Use of the CVE Vulnerability Naming
  Scheme Within its Acquired Products and Information Technology
  Security Procedures" advises agencies on the use of the Common
  Vulnerability and Exposures (CVE) vulnerability naming scheme. It
  recommends that agencies give substantial consideration to buying
  products and services compatible with the CVE naming scheme. The
  recommendation also advises agencies to periodically monitor their
  systems for vulnerabilities listed in the CVE vulnerability naming
  scheme. Agencies are also advised to use the CVE naming scheme in
  their communications and descriptions of vulnerabilities. You are
  invited to submit any comments you may have to both Peter Mell and
  Timothy Grance at peter.mell@nist.gov and timothy.grance@nist.gov by
  February 18, 2002.


- Steve

Page Last Updated or Reviewed: May 22, 2007