News & Events

April 4, 2014

Proximis Makes Declaration of CVE Compatibility

Proximis declared that its Apache CouchDB JSON Database is CVE-Compatible. For additional information about this and other CVE-Compatible products, visit the CVE-Compatible Products and Services section.

March 17, 2014

1 Product from NSFOCUS Now Registered as Officially "CVE-Compatible"

cve compatible imageOne additional information security product has achieved the final stage of MITRE's formal CVE Compatibility Process and is now officially "CVE-Compatible." The product is now eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed "CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as part of the organization's listing on the CVE-Compatible Products and Services page on the CVE Web site. A total of 160 products to-date have been recognized as officially compatible.

The following product is now registered as officially "CVE-Compatible":

NSFOCUS Information Technology Co., Ltd. - Next-Generation Firewall (NF)

Use of the official CVE-Compatible logo will allow system administrators and other security professionals to look for the logo when adopting vulnerability management products and services for their enterprises and the compatibility process questionnaire will help end-users compare how different products and services satisfy the CVE compatibility requirements, and therefore which specific implementations are best for their networks and systems.

For additional information about CVE compatibility and to review all products and services listed, visit the CVE Compatibility Process and CVE-Compatible Products and Services.

Codenomicon, Ltd. Makes Declaration of CVE Compatibility

Codenomicon, Ltd. declared that its binary vulnerability scanner, Codenomicon Appcheck, is CVE-Compatible. For additional information about this and other CVE-Compatible products, visit the CVE-Compatible Products and Services section.

February 21, 2014

Technical Guidance for Handling the New CVE-ID Syntax Now Available

A new Technical Guidance for Handling the New CVE-ID Syntax page is now available on the CVE Web site. The new page provides technical guidance and test data for developers and consumers for tools, web sites, and other capabilities that use CVE Identifiers (CVE-IDs), including the following: considerations for input and output formats, considerations for extraction or parsing, extraction and conversion methods for CVE-IDs, an example conversion algorithm for incoming IDs, and CVE-ID Test Data for Implementers available for download in a ZIP file.

Feedback about this page and/or the test data is welcome at cve-id-change@mitre.org.

February 6, 2014

ViewTrust Technology, Inc. Makes Declaration of CVE Compatibility

ViewTrust Technology, Inc. declared that its aggregation capability, Analytic Continuous Monitoring Engine (ACE), is CVE-Compatible. For additional information about this and other CVE-Compatible products, visit the CVE-Compatible Products and Services section.

January 15, 2014

New CVE-ID Format in Effect as of January 1, 2014

The new syntax for CVE Identifiers (CVE-IDs) took effect on January 1, 2014.

The new CVE-ID syntax is variable length and includes:

CVE prefix + Year + Arbitrary Digits

IMPORTANT: The variable length arbitrary digits will begin at four (4) fixed digits and expand with arbitrary digits only when needed in a calendar year, for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNNN, and so on. This also means there will be no changes needed to previously assigned CVE-IDs, which all include 4 digits.

Visit the CVE-ID Syntax Change page for additional information, and send any comments or concerns to cve-id-change@mitre.org.

CVE-ID Syntax Change Infographic Available for Reposting

An infographic explaining the Previous (i.e., "old") CVE-ID Syntax versus the New CVE-ID Syntax that is in effect as of January 1, 2014 is available for reposting.

CVE-ID Syntax Change

Please feel free to re-post this infographic. We would like the syntax change announcement to reach the widest possible audience.

Hillstone Networks Makes Declaration of CVE Compatibility

Hillstone Networks declared that its Hillstone Networks Intrusion Protection System is CVE-Compatible. For additional information about this and other CVE-Compatible products, visit the CVE-Compatible Products and Services section.

 
Page Last Updated: April 04, 2014