View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
August 14, 2005

Homeland Security launches vulnerability database

The US Department of Homeland Security is trying to simplify the task of managing security patches by funding a new National Vulnerability Database, launched last week by the National Institute of Standards and Technology.

By CBR Staff Writer

The new service, at https://nvd.nist.gov, integrates all publicly available US government resources on vulnerabilities and provides links to many industry resources and is built upon the Common Vulnerabilities and Exposures list.

For those trying to prevent such attacks, keeping up with the 300 or so new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names, NIST said in a statement.

Unlike the longstanding CVE list, maintained by The MITRE Corp, which is keyword searchable, the NVD is a database that allows users to slice and dice the data to more quickly look up specific types of vulnerabilities or specific vulnerable products.

For example, a search for Windows XP vulnerabilities entered in 2005 returns 45 hits, 2% of all the vulnerabilities reported during that period. Searching for vulnerabilities in all Cisco Systems products reveals 47 hits.

Users can also specify the severity of the vulnerability and, at a high level, how easy an exploit is. The database indicates there have been 620 high severity vulnerabilities reported so far this year, 456 of which are remotely exploitable.

There were 12,003 vulnerabilities in the database following Friday’s update. And the web site claims the database is growing at the rate of eight new vulnerabilities per day, the web site indicates.

The NVD site also publishes an arbitrary measure of workload, the Vulnerability Workload Index, which in snapshot reveals very little of use, but over time could prove an interesting trend indicator an a useful tool for squeezing budget.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

This metric is currently 3.17, the 30-day average number of high severity vulnerabilities being revealed per day, where medium severity vulnerabilities count as 20% of a high severity one and low severity vulnerabilities count as 5% of a high severity.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU