About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map
News & Events
What's New at MITRE
Media Relations
MITRE Publications
Social Networking, Mobile Apps, and RSS Feeds

Follow Us:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on Linkedin
Visit MITRE on YouTube
View MITRE's RSS Feeds
View MITRE's Mobile Apps
Home > News & Events > Media Relations > News Releases >

MITRE Celebrates a Decade of Software Security with CVE

FOR IMMEDIATE RELEASE:

MITRE Contacts:

Karina H. Wright
(703) 983-6125


Eryn L. Gallagher
(781) 271-3782

BEDFORD, Mass., October 21, 2009 — The MITRE Corporation announced the 10th anniversary of the launch of the Common Vulnerabilities and Exposures dictionary, which provides researchers, software vendors, the security community, and end users with a global naming standard for identifying and sharing information about publicly known security vulnerabilities in software products.

The CVE database now contains more than 38,000 entries, each corresponding to a unique publicly known information security issue in a software product. Since its launch in 1999, users in government, industry, and academia have adopted CVE across the world as the authoritative source of data about critical software flaws. As an international information security effort, CVE continues to evolve through the input of experts at MITRE, its government sponsors, software vendors, and researchers.

"CVE is a great example of how MITRE has worked across agencies and among industry, government, and academia to foster advances in cybersecurity that support the national interest," said Robert Nesbit, senior vice president and general manager of MITRE's Center for Integrated Intelligence Systems.

A large variety of CVE-compatible products and services are used throughout industry and government agencies, and among researchers. These products and services address vulnerability management and alerts, intrusion detection, and patch management. In addition, CVE identifiers have been included in security advisories from 73 organizations, including major operating systems vendors.

The success of CVE and the other efforts it has inspired, including the U.S. National Vulnerability Database operated by the National Institute of Standards and Technology (NIST), eventually enabled the creation of NIST's Security Content Automation Protocol, or SCAP. As part of overall efforts over the last 10 years to help the security community produce automated standardized benchmarks, MITRE has developed four of the six security standards which comprise SCAP.

The four standards are:

CVE is used by SCAP for enumerating, evaluating, and measuring the impact of software problems. In addition, CVE is a requirement in U.S. Department of Defense contracts for vulnerability management capabilities.

About The MITRE Corporation

The MITRE Corporation (www.mitre.org) is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration, the Internal Revenue Service and Department of Veterans Affairs, and the Department of Homeland Security, with principal locations in Bedford, Mass., and McLean, Va.

Page last updated: October 21, 2009   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us