A Progress Report on the CVE Initiative
June 2002
Robert A. Martin, The MITRE Corporation
Steven M. Christey, The MITRE Corporation
David W. Baker, The MITRE Corporation
ABSTRACT
Organizations around the world, in every type of industry and market, are moving towards networks based on the Internet protocols. In addition, third-party software has become a critical element to these organizations and the infrastructure of networks, utilities, and services they rely upon to function. That means the software problems in these commercial and open source software products can quickly cause significant difficulties for any organization. When such software problems have security implications, they are referred to as "vulnerabilities."
This paper and presentation provide a comprehensive discussion of what the Common Vulnerabilities and Exposures (CVE) Initiative is, where it is going, how it works, and how it is transforming the international information security tools and services offerings in the market to facilitate the sharing of security-related information on vulnerabilities within organizations and amongst the information security community.

Additional Search Keywords
vulnerabilities, software security, information security standards, vulnerability naming standards, system security
|