MITRE and Top Security Organizations Launch First Public Dictionary of Computer Vulnerabilities to Boost Cyber-Defense

Dictionary to Enhance Information Sharing and Improve Security Tools

FOR IMMEDIATE RELEASE

Bedford, Massachusetts, September 29, 1999 — The MITRE Corporation today announced the new Common Vulnerabilities and Exposures (CVE) initiative, the first publicly available dictionary that provides standardized names and descriptions for more than 300 publicly known information security vulnerabilities and exposures. CVE is expected to boost cyber defenses by making it easier to share data across separate vulnerability databases and security tools. MITRE, an independent, not-for profit company working in the public interest, developed the CVE list in cooperation with 19 major security organizations that make up the CVE Editorial Board, including CERT Coordination Center, IBM Research, Cisco Systems and Internet Security Systems (ISS).

"In the past, each security tool and vulnerability database used its own names for vulnerabilities and exposures. Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from the security tools that we use," said Pete Tasker, Executive Director of Security and Information Operations at MITRE. "CVE will help us better serve our sponsors and protect our security perimeter by making it easier to share information."

In addition to facilitating data sharing among Intrusion Detection Systems (IDSs), assessment tools, vulnerability databases, researchers and incident response teams, CVE will provide a basis to achieve security tool interoperability and comparisons across vendor platforms and facilitate vulnerability research.

"The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community," said Christopher Klaus, founder and chief technology officer of Internet Security Systems. "As a technology pioneer and leading provider of security management software and services, ISS is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."

The comparative research made possible by CVE is expected to lead to enhanced security tools and further innovations in information security.

"CVE is a scientific necessity," said Bill Fithen, senior analyst, Computer Emergency Response Team (CERT). "It will facilitate improved communication among information assurance professionals in many ways. We believe there will be many beneficiaries of the CVE: system and network administrators, IT managers, security product consumers, researchers, teachers, and students."

The CVE Editorial Board includes representatives from top security-related organizations from the private, academic and government sectors. Editorial board members include: AXENT Technologies, The Ballistic Missile Defense Organization, BindView Development, Bugtraq, CyberSafe, CERIAS/Purdue University, Harris Corp (STAT Operations), L-3 Network Security, Network Associates Inc. (NAI), Network Flight Recorder (NFR), NTBugtraq, SANS Institute, SecurityFocus.com, Silicon Defense and University of California - Davis.

MITRE plans to make CVE available to the public through a web site scheduled for release on Wednesday (cve.mitre.org). MITRE, an independent, not-for-profit company providing technical support to government in the public interest, is a center of excellence for information assurance.

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

Privacy Policy | Contact Us