A dictionary for vulnerabilities
If you ever read security vulnerabilities you eventually run into a notation looking like "CVE-2002-0947." This is a standard naming convention for vulnerabilities called Common Vulnerabilities and Exposures (CVE). CVE is administered by a company called Mitre, a non-profit company that operates governmental research facilities and other such cool things. In addition to hosting the CVE list, Mitre acts as the editor for aspects of list development. But the most important decisions are made by an editorial board with representatives of security and software firms.
CVE is an important part of modern security efforts but it could be more important. The main function of CVE is to provide security-related programs a common naming set for vulnerabilities on which they may operate. Security products, vulnerability scanners for example, usually provide mappings to CVE names. For example, Netcraft has a network vulnerability scanning service called Netcraft Network Examination which provides mappings to CVE names for the vulnerabilities it finds. The CVE site has a list of CVE-compatible products, including an entry for Netcraft.
[ Read more ]