CVE compatibility enables enterprise security through the use of shared CVE IDs, changing the way organizations use security tools, services, and data sources to address their operational security posture.
In a CVE-enabled process, CVE-Compatible vulnerability services, databases, websites, and tools can cross-link with other compatible tools and data sources. In this example, an organization is able to detect an ongoing attack with its CVE-Compatible IDS (A). A CVE-Compatible IDS lists the specific vulnerabilities that are susceptible to the detected attack as part of the attack report. This information can then be compared against the latest vulnerability scan by your CVE-Compatible scanner (B) to determine whether your enterprise has one of the vulnerabilities or exposures that can be exploited by the attack. If it does, you can then access the software vendor's CVE-Compatible site, which lists patches and workarounds for known vulnerabilities, or you can use the services of a vulnerability website, which lets you identify (C) the location of the fix for a CVE entry (D), if one exists.
Using CVE-Compatible products also allows you to improve how your organization responds to security advisories. If the advisory is CVE-Compatible, you can see if your scanners check for this threat and then determine whether your IDS has the appropriate attack signatures. If you build or maintain systems for customers, the CVE compatibility of advisories will help you to directly identify any fixes from the vendors of the commercial software products in those systems (if the vendor fix site is CVE-Compatible). The result is a much more structured and predictable process for handling advisories than most organizations currently possess.
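The cross-linking in the A-D example and the advisory check described above both reduce to joining data sources on the shared CVE ID. The following sketch is an added example, not code from the CVE project; the function names, data layouts, alert text, advisory text, and URL are assumptions, and the CVE IDs are constructed placeholders rather than real entries.

```python
import re

# CVE ID syntax: "CVE-", a 4-digit year, then 4 or more digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

def extract_cves(text):
    """Return the distinct CVE IDs mentioned in free text, normalised to upper case."""
    return sorted({m.upper() for m in CVE_RE.findall(text)})

def exposed_hosts(alert_text, scan_findings, fix_index):
    """Steps A-D: CVE IDs in the IDS alert -> hosts the scanner flagged -> fix location."""
    hits = []
    for cve in extract_cves(alert_text):
        for host, found in sorted(scan_findings.items()):
            if cve in found:
                hits.append((host, cve, fix_index.get(cve)))  # None: no fix listed
    return hits

def advisory_coverage(advisory_text, scanner_checks, ids_signatures):
    """For each CVE ID in an advisory, report whether the scanner and the IDS cover it."""
    return {cve: {"scanner": cve in scanner_checks, "ids": cve in ids_signatures}
            for cve in extract_cves(advisory_text)}

# Constructed sample data. The CVE IDs are placeholders, not real entries.
ALERT = "sig 4711 fired from 198.51.100.7; related: cve-0000-0001, CVE-0000-0002"
SCAN = {"web01": {"CVE-0000-0001", "CVE-0000-0003"},   # host -> CVE IDs from last scan
        "db01": {"CVE-0000-0002"},
        "mail01": set()}
FIXES = {"CVE-0000-0001": "https://vendor.example/fix/0001"}  # CVE ID -> fix location
ADVISORY = "Advisory EX-1 (constructed) covers CVE-0000-0002 and CVE-0000-0004."

if __name__ == "__main__":
    for host, cve, fix in exposed_hosts(ALERT, SCAN, FIXES):
        print(f"{host}: {cve} fix={fix or 'none listed'}")
    for cve, cov in advisory_coverage(ADVISORY, {"CVE-0000-0002"}, set()).items():
        print(f"{cve}: scanner={cov['scanner']} ids={cov['ids']}")
```

A host that is exposed but has no entry in the fix index is still reported, with `None` as the fix location, which mirrors the "if one exists" case in the text.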
Please follow these CVE Compatibility Guidelines to make your product or service "CVE Compatible."