Printer Friendly

MITRE and Top Security Organizations Launch First Public Dictionary of Computer Vulnerabilities to Boost Cyber-Defense; Dictionary to Enhance Information Sharing and Improve Security Tools.

BEDFORD, Mass.--(BUSINESS WIRE)--Sept. 29, 1999--

The MITRE Corporation today announced the new Common Vulnerabilities and Exposures (CVE) initiative, the first publicly available dictionary that provides standardized names and descriptions for more than 300 publicly known information security vulnerabilities and exposures. CVE is expected to boost cyber defenses by making it easier to share data across separate vulnerability databases and security tools. MITRE, an independent, not-for profit company working in the public interest, developed the CVE list in cooperation with 19 major security organizations that make up the CVE Editorial Board, including CERT Coordination Center, IBM Research, Cisco Systems and Internet Security Systems (ISS).

"In the past, each security tool and vulnerability database used its own names for vulnerabilities and exposures. Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from the security tools that we use," said Pete Tasker, Executive Director of Security and Information Operations at MITRE. "CVE will help us better serve our sponsors and protect our security perimeter by making it easier to share information."

In addition to facilitating data sharing among Intrusion Detection Systems (IDSs), assessment tools, vulnerability databases, researchers and incident response teams, CVE will provide a basis to achieve security tool interoperability and comparisons across vendor platforms and facilitate vulnerability research.

"The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community," said Christopher Klaus, founder and chief technology officer of Internet Security Systems. "As a technology pioneer and leading provider of security management software and services, ISS is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."

The comparative research made possible by CVE is expected to lead to enhanced security tools and further innovations in information security.

"CVE is a scientific necessity," said Bill Fithen, senior analyst, Computer Emergency Response Team (CERT). "It will facilitate improved communication among information assurance professionals in many ways. We believe there will be many beneficiaries of the CVE: system and network administrators, IT managers, security product consumers, researchers, teachers, and students."

The CVE Editorial Board includes representatives from top security-related organizations from the private, academic and government sectors. Editorial board members include: AXENT Technologies, The Ballistic Missile Defense Organization, BindView Development, Bugtraq, CyberSafe, CERIAS/Purdue University, Harris Corp. (STAT Operations), L-3 Network Security, Network Associates Inc. (NAI), Network Flight Recorder (NFR), NTBugtraq, SANS Institute,, Silicon Defense and University of California - Davis.

MITRE plans to make CVE available to the public through a web site ( scheduled for release on Wednesday. MITRE, an independent, not-for-profit company providing technical support to the government in the public interest, is a center of excellence for information assurance.
COPYRIGHT 1999 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1999, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Date:Sep 29, 1999
Previous Article:Translation Group Completes Payment for Planet Access Networks.
Next Article:Compaq Names Yvonne R. Jackson Senior Vice President, Human Resources.

Related Articles
Cyber-Crime Fighters: Recognizing their own vulnerabilities, insurers tighten security for their online operations. (Technology).
Cyber-risks create coverage gaps: the internet poses a large risk for corporations, whose general liability policies often don't provide proper...
Cyber security: key to homeland security. (Up front: news, trends & analysis).
Cyber terrorism. (Security).
Uncle Sam may not monitor e-mails. (Up front: news, trends & analysis).
The global threat to information technology security. (Software Intelligence: Security).
Federal government falls short in Cybersecurity.
Homeland security offers alerts warning of e-mail viruses.
Homeland defence research agency directs attention to cyber security.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters