News & Events

January 24, 2012

NETpeas, SA Makes Declaration of CVE Compatibility

NETpeas, SA declared that its cloud-based, multi-engine vulnerability management service, COREvidence, will be CVE-Compatible. For additional information about this and other CVE-Compatible products, visit the CVE-Compatible Products and Services section.

January 13, 2012

New CVE Editorial Board Member

Harold Booth of the National Institute of Standards and Technology (NIST) has joined the CVE Editorial Board. Peter Mell of NIST also remains as a Board member.

January 4, 2012

1 Product from TrustSign Now Registered as Officially "CVE-Compatible"

One additional information security product has achieved the final stage of MITRE’s formal CVE Compatibility Process and is now officially "CVE-Compatible." The product is now eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed "CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as part of the organization’s listing on the CVE-Compatible Products and Services page on the CVE Web site. A total of 123 products to date have been recognized as officially compatible.

The following product is now registered as officially "CVE-Compatible":

TrustSign - Selos de Segurança

Use of the official CVE-Compatible logo will allow system administrators and other security professionals to look for the logo when adopting vulnerability management products and services for their enterprises. The compatibility process questionnaire will help end-users compare how different products and services satisfy the CVE compatibility requirements, and therefore which specific implementations are best for their networks and systems.

For additional information about CVE compatibility and to review all products and services listed, visit the CVE Compatibility Process and CVE-Compatible Products and Services.

CXSecurity Makes Declaration of CVE Compatibility

CXSecurity declared that its vulnerability database, World Laboratory of Bugtraq (WLB), is CVE-Compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products and Services section.

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012

MITRE has announced its initial Making Security Measurable calendar of events for 2012. Details regarding MITRE’s scheduled participation at these events are noted on the CVE Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

Other events may be added throughout the year. Visit the CVE Calendar for information or contact cve@mitre.org to have MITRE present a briefing or participate in a panel discussion about CVE, CCE, CPE, CAPEC, CybOX, CWE, MAEC, CEE, OVAL, Software Assurance, and/or Making Security Measurable at your event.

December 29, 2011

CVE Mentioned in Department of Homeland Security’s "Blueprint for a Secure Cyber Future"

CVE is mentioned in the December 12, 2011 release of the U.S. Department of Homeland Security’s "Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise" on the DHS Web site.

The blueprint, as described on the DHS blog, "outlines an integrated approach to enable the homeland security community to leverage existing capabilities and promote technological advances that make government, the private sector and the public safer, more secure, and more resilient online. Specific actions outlined in the strategy range from hardening critical networks and prosecuting cybercrime to raising public awareness and training a national cybersecurity workforce. Cybersecurity is a shared responsibility, and each of us has a role to play. In today’s interconnected world, emerging cyber threats require the engagement of our entire society including government and law enforcement, the private sector, and members of the public. In preparing this strategy, the Department benefited from the constructive engagement of representatives from state and local governments, industry, academia, non-governmental organizations, and many dedicated individuals from across the country. As we implement this strategy, DHS will continue to work with partners across the homeland security enterprise to implement the goals outlined in the Blueprint."

CVE is mentioned in the blueprint itself as one of two "Core capabilities for the homeland security enterprise" in the "Increase Technical and Policy Interoperability Across Devices" subsection of the "Build Collaborative Communities" section of the blueprint, as follows: "On a device-to-device level, strengthen collaboration, create new intelligence, hasten learning, and improve situational awareness … A proven ability to communicate about cyber incidents through standardized dictionaries of key informational elements, including software vulnerabilities, weaknesses, patterns of attack, and malware classification as well as security content that is structured for automated sharing where appropriate. Resources include the National Vulnerability Database, Common Vulnerabilities and Exposures (CVE), and the Information Assurance Checklists housed on the National Checklist Program."

The blueprint is available for free download at http://www.dhs.gov/files/publications/blueprint-for-a-secure-cyber-future.shtm.

Beijing Venustech Security Inc. Makes Declaration of CVE Compatibility

Beijing Venustech Security Inc. declared that its unified threat management firewall, Venusense Unified Security Gateway, is CVE-Compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products and Services section.

TrustSign Makes Declaration of CVE Compatibility

TrustSign declared that its vulnerability assessment and remediation service, Selos de Segurança, is CVE-Compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products and Services section.

December 12, 2011

CVE-IDs Now Mapped to DISA’s Information Assurance Vulnerability Alerts

CVE-IDs are now mapped to the U.S. Defense Information Systems Agency’s (DISA) Information Assurance Vulnerability Management (IAVM) alerts, free downloads of which are available in Microsoft Excel (XLS) and Extensible Markup Language (XML) format on DISA’s public Security Technical Implementation Guides (STIG) Web site.

CVE Included in Article about Tool that Automatically Detects Vulnerabilities in Embedded Linux Libraries in SC Magazine

CVE was included in a November 22, 2011 article entitled "Tool kills hidden Linux bugs, vulnerabilities" on SCMagazine.com. The tool, described as "automatically detecting bugs and vulnerabilities in embedded Linux libraries," uses CVE-IDs to perform the analysis. The tool "correlates vulnerability advisory CVEs for third party libraries to determine if holes have carried over to Linux platforms or have not been patched" and is meant to replace what was previously a manual process. The tool was created by Australian researcher Silvio Cesare as part of his PhD at Deakin University, Australia. The author concludes the article by stating that the researcher intends to "publish an academic paper on the subject and plans to [similarly] conduct binary analysis for Windows platforms."

 
Page Last Updated: January 24, 2012