Over 6,000 vulnerabilities went unassigned by MITRE's CVE project in 2015

Discussion in 'CSO' started by RSS, Sep 22, 2016.

  1. RSS

    In 1999, MITRE created the Common Vulnerabilities and Exposures (CVE) database as a way to standardize the naming of disclosed vulnerabilities. Seventeen years later, the CVE system is faced with bottlenecks and coverage gaps, as thousands of vulnerabilities go without CVE-ID assignments.

    These gaps are leaving business leaders and security teams exposed to vulnerabilities their security products, which rely on CVE-IDs to function and assess risk, don't even know exist in some cases.

    Before CVE existed, the public had access to IBM X-Force (1997) and the SecurityFocus’ BID database, which was established around six months before CVE. Each had their own methods of tracking and disclosing vulnerabilities, and this led to a situation where there wasn't an easy way to determine if the different databases tracking such problems were referring to the same thing. MITRE Corporation, seeing an opportunity, created CVE to fix these issues.
