Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.

Common Vulnerabilities and Exposures (CVE) is a catalog of known security threats. The catalog is sponsored by the United States Department of Homeland Security (DHS), and threats are divided into two categories: vulnerabilities and exposures.

According to the CVE website, a vulnerability is a mistake in software code that provides an attacker with direct access to a system or network. For example, the vulnerability may allow an attacker to pose as a superuser or system administrator who has full access privileges. An exposure, on the other hand, is defined as a mistake in software code or configuration that provides an attacker with indirect access to a system or network. For example, an exposure may allow an attacker to secretly gather customer information that could be sold.

The catalog's main purpose is to standarize the way each known vulnerability or exposure is identified. This is important because standard IDs allow security administrators to quickly access technical information about a specific threat across multiple CVE-compatible information sources. 

CVE is sponsored by US-CERT, the DHS Office of Cybersecurity and Information Assurance (OCSIA). MITRE, a not-for-profit organization that operates research and development centers sponsored by the U.S. federal government, maintains the CVE catalog and public Web site. It also manages the CVE Compatibility Program, which promotes the use of standard CVE identifiers by authorized CVE Numbering Authorities (CNAs).

This was first published in April 2015

Continue Reading About Common Vulnerabilities and Exposures (CVE)

Dig Deeper on Auditing, testing and assessment for financial services compliance

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close