MITRE and Top Security Organizations Launch First Public Dictionary of Computer Vulnerabilities to Boost Cyber-Defense; Dictionary to Enhance Information Sharing and Improve Security Tools.
BEDFORD, Mass.--(BUSINESS WIRE)--Sept. 29, 1999--
The MITRE Corporation today announced the new Common Vulnerabilities and Exposures (CVE) initiative, the first publicly available dictionary that provides standardized names and descriptions for more than 300 publicly known information security vulnerabilities and exposures. CVE is expected to boost cyber defenses by making it easier to share data across separate vulnerability databases and security tools. MITRE, an independent, not-for-profit company working in the public interest, developed the CVE list in cooperation with 19 major security organizations that make up the CVE Editorial Board, including CERT Coordination Center, IBM Research, Cisco Systems and Internet Security Systems (ISS).
"In the past, each security tool and vulnerability database used its own names for vulnerabilities and exposures. Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from the security tools that we use," said Pete Tasker, Executive Director of Security and Information Operations at MITRE. "CVE will help us better serve our sponsors and protect our security perimeter by making it easier to share information."
In addition to facilitating data sharing among Intrusion Detection Systems (IDSs), assessment tools, vulnerability databases, researchers and incident response teams, CVE will provide a basis to achieve security tool interoperability and comparisons across vendor platforms and facilitate vulnerability research.
"The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community," said Christopher Klaus, founder and chief technology officer of Internet Security Systems. "As a technology pioneer and leading provider of security management software and services, ISS is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."
The comparative research made possible by CVE is expected to lead to enhanced security tools and further innovations in information security.
"CVE is a scientific necessity," said Bill Fithen, senior analyst, Computer Emergency Response Team (CERT). "It will facilitate improved communication among information assurance professionals in many ways. We believe there will be many beneficiaries of the CVE: system and network administrators, IT managers, security product consumers, researchers, teachers, and students."
The CVE Editorial Board includes representatives from top security-related organizations from the private, academic and government sectors. Editorial board members include: AXENT Technologies, The Ballistic Missile Defense Organization, BindView Development, Bugtraq, CyberSafe, CERIAS/Purdue University, Harris Corp. (STAT Operations), L-3 Network Security, Network Associates Inc. (NAI), Network Flight Recorder (NFR), NTBugtraq, SANS Institute, SecurityFocus.com, Silicon Defense and University of California - Davis.
MITRE plans to make CVE available to the public through a web site (cve.mitre.org) scheduled for release on Wednesday. MITRE, an independent, not-for-profit company providing technical support to the government in the public interest, is a center of excellence for information assurance.