About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map
News & Events
What's New at MITRE
Media Relations
MITRE Publications
Social Networking, Mobile Apps, and RSS Feeds

Follow Us:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on Linkedin
Visit MITRE on YouTube
View MITRE's RSS Feeds
View MITRE's Mobile Apps
Home > News & Events > Media Relations > News Releases > 2000 >

MITRE's Information Security Dictionary Reaches Important Milestones

Microsoft, Ernst & Young Join Editorial Board

FOR IMMEDIATE RELEASE

MITRE Contacts:

Karina H. Wright
(703) 983-6125


Eryn L. Gallagher
(781) 271-3782

Bedford, Massachusetts, February 3, 2000 — The MITRE Corporation today announced new milestones in its unique Common Vulnerabilities and Exposures (CVE) dictionary, the first publicly available lexicon that provides standardized names and descriptions for publicly known information security vulnerabilities and exposures. CVE makes it easier to share data across separate vulnerability databases and security tools.

CVE's announcement last September was the result of a collaboration between MITRE, an independent, not-for profit company chartered to work for the government in the public interest, and 19 major security organizations that made up the CVE editorial board, including CERT Coordination Center, the SANS Institute, Network Associates, IBM Research, Cisco Systems and Internet Security Systems (ISS).

Since September, CVE (cve.mitre.org) has reached several important milestones:

Seven new organizations are now represented on the CVE editorial board: Microsoft, Ernst & Young, Canadian CERT, GTE Internetworking, Hiverworld, ODS Networks, and Vista IT, bringing the total to 26.

The number of CVE entries has reached 503, representing a 57% increase over the original entries.

Nine members of the information security community have incorporated CVE into their products. Eight others have publicly declared their intentions to do so.

Since its inception, CVE now has increased international reach and acceptance, including Canadian CERT, Alliance Qualitie Logiciel and CYRANO.

CVE is now included in daily incident reports from the SANS Institute's Global Incident Analysis Center (GIAC). Further, the Computer Emergency Response Team Coordination Center (CERT) and MITRE have established a communication channel that will allow CVE names to be included in future CERT advisories. The GIAC reports and CERT advisories, both available as public services, allow readers to get current information about vulnerabilities that hackers might be exploiting. CVE's inclusion permits users to more easily correlate vulnerability information.

Finally, proposed CVE entries (known as "candidates") have for the first time become publicly available on the latest version of MITRE's CVE web site, which was released today. These 535 candidates are being considered by the editorial board for possible inclusion in the CVE list.

"CVE's growth has exceeded even our own optimistic expectations," says editorial board chair Steve Christey, a MITRE senior software analyst. "The rate at which it's being adopted is a good indicator of how strongly the information security community feels about information-sharing. We continue to see new uses of CVE in different areas of information security."

 

Page last updated: March 4, 2004   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us