CVE is a standard launched in 1999 by MITRE, a non-profit organization that runs federally sponsored research and development centers, to identify and catalog vulnerabilities into a free "dictionary" that organizations can use to enhance their security.
The main purpose is to standardize the identification of each known vulnerability or exposure. Standard IDs (i.e., CVE-YYYY-NNNN) enable security administrators to access technical information about a specific threat across multiple CVE-compatible sources of information.
CVE is sponsored by US-CERT within the Office of Cybersecurity and Information Assurance (OCSIA) of the Department of Homeland Security (DHS).
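As an added example (not part of the original page), the Python code below shows how standard CVE IDs let records from different sources be joined on the same identifier. The source names and sample records are constructed, the IDs are placeholders, and the pattern accepts sequence numbers of four or more digits.

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE-", a 4-digit year, "-", then a sequence number of
# four or more digits (IDs are not limited to exactly four digits).
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def extract_cve_ids(text):
    """Return the set of normalised (upper-case) CVE IDs found in free text."""
    return {f"CVE-{year}-{seq}" for year, seq in CVE_RE.findall(text)}


def correlate(sources):
    """Map each CVE ID to the sorted list of source names that mention it."""
    index = defaultdict(set)
    for name, text in sources.items():
        for cve_id in extract_cve_ids(text):
            index[cve_id].add(name)
    return {cve_id: sorted(names) for cve_id, names in index.items()}


def shared_across_sources(sources, minimum=2):
    """Return the IDs mentioned by at least `minimum` different sources."""
    hits = correlate(sources)
    return sorted(cve_id for cve_id, names in hits.items() if len(names) >= minimum)


# Constructed sample records (placeholder IDs, not real advisories).
SAMPLE_SOURCES = {
    "scanner": "host-a: openssl flagged cve-2099-0001; host-b: CVE-2099-123456",
    "vendor_advisory": "Fixed in 2.1: CVE-2099-0001, CVE-2099-0002.",
    "ticket_system": "SEC-41 tracks CVE-2099-123456 and CVE-99-12 (malformed)",
}

if __name__ == "__main__":
    for cve_id, names in sorted(correlate(SAMPLE_SOURCES).items()):
        print(cve_id, "->", ", ".join(names))
```

Normalising case and rejecting malformed strings before the join keeps a mistyped ID in one source from silently hiding a match in another.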
Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses found in computer software.
The Common Vulnerability Scoring System (CVSS) is an open and free system that industry uses to assess the seriousness of software security vulnerabilities, and it is used in vulnerability management software. CVSS scores vulnerabilities according to the seriousness of the threat. Scores are calculated from several metrics and range from 0 to 10, with 10 being the most critical.
A vulnerability, according to the CVE website, is a software code error that gives an attacker direct access to a system or network. It could allow an attacker to pose as a super-user or system administrator with full access privileges.
An exposure is an error that allows an attacker to access a system or network indirectly. It could allow an attacker to collect information about the customer that could be sold.