Enterprise Security Enabled by CVE

Making products/services compatible with CVE enables enterprise security through the use of shared CVE IDs, changing the way organizations use security tools, services, and data sources to address their operational security posture.

A CVE-Enabled Process

In a CVE-enabled process, vulnerability services, databases, websites, and tools that are compatible with CVE can cross-link with other compatible tools and data sources. In this example, an organization is able to detect an ongoing attack with its IDS system (A) that is compatible with CVE. In an IDS that is compatible with CVE, specific vulnerabilities that are susceptible to the detected attack are provided as part of the attack report. This information can then be compared against the latest vulnerability scan by your scanner (B) that is compatible with CVE to determine whether your enterprise has one of the vulnerabilities or exposures that can be exploited by the attack. If it does, you can then access a website that is compatible with CVE with patches and workarounds for known vulnerabilities at the vendor of the software product, or you can use the services of a vulnerability website, which lets you identify (C) the location of the fix for a CVE Entry (D), if one exists.
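The cross-linking described above amounts to a join on CVE ID across three data sources. The following is an added illustration, not code from the CVE Program or from any product: the record layouts, the `correlate` and `normalize` helpers, and all CVE IDs, hosts, and URLs are constructed placeholders.

```python
import re

# CVE ID syntax: "CVE-", a four-digit year, then four or more digits.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample data; every ID, host and URL is a placeholder.
IDS_ALERTS = [  # (A) attack reports carrying the CVE IDs each attack can exploit
    {"signature": "sample-sig-1", "target": "10.0.0.5",
     "cves": ["CVE-1900-0001", "cve-1900-0002"]},
    {"signature": "sample-sig-2", "target": "10.0.0.9", "cves": ["CVE-1900-0003"]},
    {"signature": "sample-sig-3", "target": "10.0.0.5", "cves": ["not-a-cve"]},
]
SCAN_FINDINGS = [  # (B) latest vulnerability scan
    {"host": "10.0.0.5", "cve": "CVE-1900-0002"},
    {"host": "10.0.0.7", "cve": "CVE-1900-0003"},
]
FIX_INDEX = {  # (C)/(D) fix locations keyed by CVE ID
    "CVE-1900-0002": "https://vendor.example/fixes/CVE-1900-0002",
}

def normalize(cve):
    """Return the canonical upper-case ID, or None if it is not a valid CVE ID."""
    cve = cve.strip().upper()
    return cve if CVE_ID.match(cve) else None

def correlate(alerts, findings, fixes):
    """For each CVE named in an alert, list scanned hosts that have it and its fix."""
    hosts_by_cve = {}
    for f in findings:
        cve = normalize(f["cve"])
        if cve:
            hosts_by_cve.setdefault(cve, set()).add(f["host"])
    results = []
    for alert in alerts:
        for raw in alert["cves"]:
            cve = normalize(raw)
            hosts = hosts_by_cve.get(cve)
            if not hosts:
                continue  # malformed ID, or the scan did not find this CVE
            results.append({
                "cve": cve,
                "signature": alert["signature"],
                "affected_hosts": sorted(hosts),
                "target_exposed": alert["target"] in hosts,
                "fix": fixes.get(cve),  # None when no fix location is known
            })
    return results

if __name__ == "__main__":
    for hit in correlate(IDS_ALERTS, SCAN_FINDINGS, FIX_INDEX):
        print(hit)
```
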

Identifying Your Risk

Using products and services that are compatible with CVE also allows you to improve how your organization responds to security advisories. If the advisory is compatible with CVE, you can see if your scanners check for this threat and then determine whether your IDS has the appropriate attack signatures. If you build or maintain systems for customers, advisories that are compatible with CVE will help you to directly identify any fixes from the vendors of the commercial software products in those systems (if the vendor fix site is compatible with CVE). The result is a much more structured and predictable process for handling advisories than most organizations currently possess.

How to Make Your Product/Service Compatible with CVE

Please follow these CVE Compatibility Guidelines to make your product or service compatible with CVE.

Page Last Updated or Reviewed: October 25, 2017