Frequently Asked Questions (FAQ)

What is the CVE standard?

CVE is a standard launched in 1999 by MITRE, a non-profit organization that runs federally sponsored research and development centers. It identifies and catalogs vulnerabilities in a free "dictionary" that organizations can use to enhance their security.

Its main purpose is to standardize the identification of each known vulnerability or exposure. Standard IDs (in the form CVE-YYYY-NNNN) let security administrators look up technical information about a specific threat across multiple CVE-compatible sources of information.

CVE is sponsored by US-CERT within the Cybersecurity and Information Assurance (OCSIA) of the Department of Homeland Security (DHS).

What is the CWE standard?

Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses found in computer software.

What is the CVSS standard?

The Common Vulnerability Scoring System (CVSS) is an open and free standard that industry uses to assess the seriousness of software security vulnerabilities, and it is used in vulnerability management software. CVSS scores each vulnerability according to the seriousness of the threat. Scores are calculated from several metrics and range from 0 to 10, with 10 being the most critical.

What is a vulnerability?

A vulnerability, according to the CVE website, is a software code error that gives an attacker direct access to a system or network. It could allow an attacker to pose as a super-user or system administrator with full access privileges.

What is an exposure?

An exposure is an error that allows an attacker to access a system or network indirectly. It could allow an attacker to collect information about the customer that could be sold.

What should I do if I have questions?

Send us your comments or questions by contacting us.