 |
 |
 |
 |
| |
|||||
|
|
|
Home > News & Events > Media Relations > News Releases > 2002 > | |||||||||||||||
| MITRE's CVE Lexicon of Information Security Vulnerabilities Surpasses 2,000 Entries FOR IMMEDIATE RELEASE MITRE Contacts: Karina H. Wright Eryn L. Gallagher Bedford, Massachusetts, March 28, 2002 — The MITRE Corporation today announced that its Common Vulnerabilities and Exposures (CVE) dictionary has recorded more than 2,000 entries identifying specific computer vulnerabilities and exposures. An international security community initiative, CVE (cve.mitre.org) is the first lexicon that provides standardized names and descriptions for publicly known information security vulnerabilities and exposures. CVE's common names make it easier to share data across separate network security databases and tools that are CVE-compatible. CVE also provides a baseline for evaluating the coverage of an organization's security tools. The 2,000+ entries are a direct result of the work of the CVE Editorial Board, which over the last three years has increased to 49 organizations from industry, government, and academia around the world. "This is an excellent example of the ongoing momentum of the CVE Initiative," said MITRE's CVE Project Leader Margie Zuk. "When we started in 1999 there were 321 official entries on the list and now there are 2,032, with an additional 1,994 candidate entries now being reviewed. This new milestone, along with growth in Editorial Board membership, strong increases in the numbers of organizations declaring their products and services CVE-compatible, and growing international participation, shows how fully the information security community has embraced the CVE Initiative." Zuk added that CVE entries are included in the SANS/FBI "Twenty Most Critical Internet Security Vulnerabilities" consensus list, helping system administrators who use CVE-compatible products and services make their networks more secure. The CVE Initiative also experienced extraordinary growth in the number of organizations committing to make their security products and services CVE-compatible. In total, 49 organizations from industry, government, and academia worldwide have declared that 75 network security products or services are or will be CVE-compatible. These organizations include BindView, the CERIAS Center at Purdue University, Cisco Systems, Harris, Internet Security Systems (ISS), the (USA) National Institute of Standards and Technology, Network Associates, SecurityFocus, and Symantec, among many others. International participation in the initiative has also increased significantly. Seven members of the CVE Editorial Board are from outside the U.S., and 14 international organizations from seven countries around the world have committed to making their network security product and services CVE-compatible. The number of vendors that have included CVE candidate numbers in their security advisories has increased to 21, and more than 300 candidates have appeared in vulnerability advisories to date. Including candidate numbers in advisories ensures that the community benefits by having CVE names as soon as the problem is announced. Organizations including candidate numbers on a regular basis are CERT/CC, ISS, Microsoft, and Red Hat. "This ongoing, across-the-board growth truly exemplifies the important part CVE is playing in the global security community," concluded Zuk. "This can only improve even further as more vendors around the world and their customers embrace CVE compatibility in securing the enterprise." MITRE (www.mitre.org) is a not-for-profit company that provides systems engineering, research and development, and information technology support to the government. Chartered to work in the public interest, it operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration, and the Internal Revenue Service, with principal locations in Bedford, Massachusetts, and McLean, Virginia.
Page last updated: March 8, 2004 | Top of page |
Solutions That Make a Difference.® |
|
|
