|
|
CVE in Use
As the international industry standard for information security vulnerability and exposure names, CVE Identifiers are included in numerous products and services and are the foundation of others. CVE also helps in
Making Security Measurable
.
|
|
|
|
|
GOVERNMENT
|
|
Uses CVE-IDs to uniquely identify the vulnerabilities they report.
Sponsor
:
NSCD
|
|
National Institute of Standards and Technology (NIST) recommends use of CVE by U.S. agencies in two 2002 Special Publications: "
800-51: Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme" & "800-40: Procedures for Handling Security Patches.
"
Sponsor
:
NSCD
|
|
U.S. Defense Information Systems Agency (DISA) issued a task order in June 2004 for information assurance applications for the Department of Defense (DoD) that requires the use of products that use CVE-IDs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
COMMUNITY
|
|
Uses CVE-IDs to uniquely identify the vulnerabilities it describes.
|
|
Derived from CVE vulnerability trends, the 2007 edition also includes CVE-IDs to identify examples of the vulnerabilities described.
|
|
A formal dictionary of software weaknesses types, CWE is based in part on the CVE List.
Sponsor
:
NSCD
|
|
A standard for determining vulnerability and configuration issues on computer systems, CVE-IDs are the primary references for "OVAL Vulnerability Definitions," which test systems for the presence of CVEs.
Sponsor
:
NSCD
|
|
|
|
|
|
|
|
|
