About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Employees Site Map
News & Events
What's New at MITRE
Press Center
MITRE Publications
RSS Feeds and Social Media

Share this page

Follow Us On:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on YouTube
View MITRE's RSS Feeds
Home > News & Events > Press Center > News Releases > 2000 >

MITRE's Information Security Dictionary Reaches Important Milestones

Microsoft, Ernst & Young Join Editorial Board

FOR IMMEDIATE RELEASE

MITRE Contacts:

Jennifer J. Shearman
(781) 271-3430


Karina H. Wright
(703) 983-6125

Bedford, Massachusetts, February 3, 2000 — The MITRE Corporation today announced new milestones in its unique Common Vulnerabilities and Exposures (CVE) dictionary, the first publicly available lexicon that provides standardized names and descriptions for publicly known information security vulnerabilities and exposures. CVE makes it easier to share data across separate vulnerability databases and security tools.

CVE's announcement last September was the result of a collaboration between MITRE, an independent, not-for profit company chartered to work for the government in the public interest, and 19 major security organizations that made up the CVE editorial board, including CERT Coordination Center, the SANS Institute, Network Associates, IBM Research, Cisco Systems and Internet Security Systems (ISS).

Since September, CVE (cve.mitre.org) has reached several important milestones:

Seven new organizations are now represented on the CVE editorial board: Microsoft, Ernst & Young, Canadian CERT, GTE Internetworking, Hiverworld, ODS Networks, and Vista IT, bringing the total to 26.

The number of CVE entries has reached 503, representing a 57% increase over the original entries.

Nine members of the information security community have incorporated CVE into their products. Eight others have publicly declared their intentions to do so.

Since its inception, CVE now has increased international reach and acceptance, including Canadian CERT, Alliance Qualitie Logiciel and CYRANO.

CVE is now included in daily incident reports from the SANS Institute's Global Incident Analysis Center (GIAC). Further, the Computer Emergency Response Team Coordination Center (CERT) and MITRE have established a communication channel that will allow CVE names to be included in future CERT advisories. The GIAC reports and CERT advisories, both available as public services, allow readers to get current information about vulnerabilities that hackers might be exploiting. CVE's inclusion permits users to more easily correlate vulnerability information.

Finally, proposed CVE entries (known as "candidates") have for the first time become publicly available on the latest version of MITRE's CVE web site, which was released today. These 535 candidates are being considered by the editorial board for possible inclusion in the CVE list.

"CVE's growth has exceeded even our own optimistic expectations," says editorial board chair Steve Christey, a MITRE senior software analyst. "The rate at which it's being adopted is a good indicator of how strongly the information security community feels about information-sharing. We continue to see new uses of CVE in different areas of information security."

 

Page last updated: March 4, 2004   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Serving as Architects of Information Advantage.™
Copyright © 1997-2009, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
MITRE Named to FORTUNE's "100 Best Companies to Work For" List for Eighth Straight Year MITRE Named to "Best Places to Work in IT" List for Fifth Consecutive Year
 

Privacy Policy | Contact Us