December 22, 2000
-
Videocast of eWeek Magazine Interview with CVE Co-Creator, Steve Christey, Now Available
The Security News section of a recent issue of eWeek magazine included an article entitled "Security core: Best practices-Industry elite launch far-reaching standards process." The article described the Security Vulnerability Summit held in early November that was co-hosted by the magazine and the security company Guardent Inc., and included excerpts from an interview with MITRE information security engineer and CVE co-creator, Steve Christey. You may watch a videocast of the interview, or review a transcript.
-
Two Join CVE Editorial Board
Two new members have been added to the CVE Editorial Board. These new members are:
-
Other CVE Editorial Board Changes
Marc Dacier of IBM Research has left the CVE Editorial Board. He has been replaced by Larry Oliver, as noted above. Troy Bollinger of IBM Research also remains as a Board member. See the CVE Editorial Board page for the most up-to-date list of Board members.
-
SecurityWatch.com Makes CVE Compatibility Declaration
SecurityWatch.com has declared that its Vulnerability Knowledge Database is CVE-compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products page.
-
Network Security Systems Makes CVE Compatibility Declarations
Network Security Systems has declared that its Vulnerability Reporting and Testing tool and Network Hardware Appliance are CVE-compatible. For additional information about these and other CVE-compatible products, visit the CVE-Compatible Products page.
-
CVE Included in Boardwatch Magazine Article
CVE was included in a recent article in ISPWorld.com's Boardwatch magazine, entitled "Network Vulnerability Scanning, Keeping Your Networks Buttoned Up". The article referred to CVE in a section on evaluating vulnerability scanning results, in which the author states: "Another popular feature is the use of the Common Vulnerabilities and Exposures (CVE) list maintained by MITRE (see sidebar). Being able to reference a standard name for a particular vulnerability or exposure means network scanner users can more confidently apply patches or others fixes." CVE is featured in this sidebar, which describes what CVE is and the benefits of CVE-compatible tools. It is in the sidebar that the author refers to CVE as "an invaluable framework that network security professionals can use as a common language for identifying and talking about network vulnerabilities."
December 5, 2000
-
CVE Featured in eWeek Magazine Article
CVE was featured in a recent article in eWeek magazine on Zdnet.com. The article, entitled "CVE: An alert by any other name", described what CVE is and the benefits of CVE to the IT security community, discussed the new subscriber mailing list for current CVE announcements, and included the CVE Web site address. The article also noted that CVE has grown from 321 entries at inception in September 1999 to 1,077 entries, with 850 candidates pending in the current version. In her conclusion, the author described CVE as "The lingua franca for vulnerabilities: Instead of 10 names for the same vulnerability, a single CVE name will help everybody speak the same language."
-
CVE Candidate Number Included in IBM ERS Advisory Service Report
A CVE candidate number was included in a recent advisory service report from the IBM Emergency Response Service (ERS). The report, ERS-FYI-E01-2000:078.1, identified CAN-2000-0844.
-
CVE Candidate Number Included in SGI Security Advisory
SGI recently released a security advisory that included a CVE candidate number. The advisory, "InPerson Vulnerabilities, 20001101-01-I" identified CAN-2000-0799 and offered a URL to CVE for more information.
November 17, 2000
-
Three Join CVE Editorial Board
Three new members have been added to the CVE Editorial Board. These new members are:
Other CVE Editorial Board Changes
Patrick Heim, formerly of Hiverworld, has left the CVE Editorial Board. Tom Stracener remains as the Hiverworld representative. In addition, Marvin Christensen, formerly of IBM ERS, and Steve Schall, formerly of intrusion.com, have also left the Board. See the CVE Editorial Board page for the most up-to-date list of Board members.
November 11, 2000
-
CVE Exhibits at FedCIRC Conference, November 7-8
MITRE hosted a CVE exhibitor booth at FEDCIRC Conference, November 7-8, 2000, at the University of Maryland, University College, MD. Federal Computer Incident Response Capability (FedCIRC) is the central coordination and analysis facility that deals with computer security-related issues affecting the civilian agencies and departments of the Federal Government. The conference was successful and introduced CVE and CVE-compatible products to a variety of representatives from government and academia, as well as other computer security specialists.
November 3, 2000
-
CVE Hosts Booth at SANS Network Security 2000, October 15-22
MITRE hosted a CVE exhibitor booth at SANS Network Security 2000, October 15-22, 2000 in Monterey, CA. The conference, at which CVE promoted its 1,000 entries milestone celebration, was successful and introduced CVE and CVE-compatible products to a diverse audience of security and audit professionals and system and network administrators.
-
CVE Hosts Booths at 23rd National Information Systems Security Conference, October 16-19
MITRE hosted a CVE exhibitor booth at the 23rd National Information Systems Security Conference, October 16-19, 2000 in Baltimore, MD. CVE promoted its 1,000 entries milestone celebration at the conference and also introduced CVE and CVE-compatible products to a variety of information security professionals, network managers, technology directors, chief information officers, engineering managers, and other representatives from government, industry, and academia across the country and around the world. The conference was co-sponsored by the National Institute of Standards and Technology (NIST) and the National Computer Security Center.
October 16, 2000
-
CVE Achieves 1,000 Entries Milestone!
CVE has achieved a major milestone of 1,000 official entries. Since
its inception in September 1999, CVE has grown from 321 entries to
more than 1,077, with another 700 candidates currently pending. The
milestone is also further evidence that the information security
community has embraced the CVE Initiative. To date, 26 developers of
vulnerability databases and tools have declared that their products
are or will be CVE-compatible.
Read the MITRE news release.
September 22, 2000
-
Troy Bollinger joins CVE Editorial Board
Troy Bollinger of IBM is the newest member of the CVE Editorial Board.
-
CVE to Host Booth at SANS Network Security 2000 October 15-22
MITRE is scheduled to host a CVE exhibitor booth at SANS Network Security 2000, October 15-22, 2000, at the Doubletree Marriott and Monterey Conference Center in Monterey, CA. This sixth annual conference on securing networks and systems is targeted to security and audit professionals and system and network administrators.
-
CVE to Host Booth at 23rd National Information Systems Security Conference October 16-19
MITRE is scheduled to host a CVE exhibitor booth at the 23rd National Information Systems Security Conference, October 16-19, 2000, at the Baltimore, MD Convention Center, in Baltimore, MD. The conference is co-sponsored by the National Institute of Standards and Technology (NIST) and the National Computer Security Center, and is targeted to information security professionals, network managers, technology directors, chief information officers, engineering managers, and other representatives from government, industry, and academia across the country and around the world. The exposition is sponsored by AFCEA.
August 30, 2000
-
CVE Launches New Web Site
CVE has upgraded its Web site with new information and new functionality to better serve our users. New information includes a revised "Get CVE" page for viewing, downloading, or searching the CVE list; a description of the CVE naming process; an updated "CVE-Compatible Products" page; and free e-newsletters, among other improvements.
New features include:
-
Improved Access to the CVE List
The new Get CVE page combines the View CVE, Search CVE, and Download CVE options in a single location for one-stop access to the CVE list and the candidates. In addition to this improved ease-of-use feature, the new page also has Search Tips, information on How to Read a CVE Entry and CVE Candidates, a description of CVE Versions including "reference versions," and a list of CVE Data Sources.
-
New CVE Functionality
In addition to the enhanced functionality noted above for quicker access to CVE, the Get CVE page now also offers reference maps, which allow users who know the name of a reference (e.g., a security advisory) to more easily locate the associated CVE name.
-
Thorough Description of the CVE Naming Process
How does a security vulnerability or exposure become a CVE entry? This new section of the site, the CVE Naming Process, gives you everything you need to know about candidates, how they are reviewed by the CVE Editorial Board for possible inclusion in CVE, and also details about what information is included in a CVE entry.
-
Updated Compatible Products Page
The CVE-Compatible Products section of the Web site has been updated with new products and information. The declarations also now include a "Last Updated" date for each product so you can tell when a product/database was declared as CVE-compatible or is planned to become CVE-compatible. A new feature of this section is CVE-Compatible Products Requirements, which details the process for determining CVE compatibility; notes prerequisites; and cites specific requirements for security tools, Web sites, and repositories.
-
FREE Newsletters
CVE is now offering two free e-newsletters that you can receive directly in your email mailbox. "CVE-Announce" provides general information about the latest CVE news and events, and "CVE-Data-Update" provides reports of new CVE entries and/or candidates and other detailed technical information regarding CVE. The newsletters are sent once per week or less, and you may sign up for either or both lists.
-
Upgraded News & Events Section
The News & Events section of the new site offers a running list of the latest and breaking CVE news; an Event Calendar that notes the conferences and other events at which CVE will be delivering presentations, exhibiting, or attending; an ongoing list of news articles and other mentions of CVE In the News; and a Press View page for news organizations interested in covering the CVE Initiative.
-
Other Improvements
The new site also includes direct access to information on CVE Editorial Board Meetings, a link to the Board Mail Archives, and the most recent list of Board Members; a new page entitled CVE Illustrated which provides a graphical representation of the CVE trade show booth experience; an extended collection of CVE-related Documents; and an updated FAQ.
August 18, 2000
-
CVE Candidate Number Included in CERT/CC Security Advisory
CERT/CC recently released a security advisory that included a CVE candidate number. The advisory, "CERT Advisory CA-2000-17," identified CAN-2000-0666 and offered a URL to CVE for more information.
-
CVE Cited in Article on Security Strategies in InfoSecuritymag.com
CVE received a strong mention in a recent article on InfoSecuritymag.com. The article, entitled "Secure strategies: A year-long series on the fundamentals of information systems security", covers the topic of vulnerability assessment and is part two of a four-part series on information systems security testing. The author cited CVE as "trying to bring some order to the world of security vulnerabilities," described what CVE is and is not, provided a good overview of the basic requirements for CVE-compatible products, and included the CVE Web site address.
August 15, 2000
-
Editorial Board Holds Meeting
The CVE Editorial Board held a face-to-face meeting on August 14-15, 2000 in Denver, Colorado. Topics of discussion included a process for rejecting or modifying CVE candidates and entries, guaranteeing the validity of candidates before they are accepted into CVE, the use of CVE references, issues related to producing a Common Intrusion Event List (CIEL) to provide a naming standard for IDS events, CVE compatibility, establishing software vendor liaisons to the Board, voting on candidates, and content decisions.
July 27, 2000
-
Tivoli Makes CVE Compatibility Declaration
Tivoli Systems, Inc., an IBM company, has declared that their SecureWay Risk Manager is CVE-compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products page.
July 21, 2000
-
CVE Referenced in Computerworld Article
CVE was referenced in a recent article on Computerworld.com entitled, "Security, the Way It Should Be". The article discusses various approaches to improving security and in a section on code review refers to CVE as "a widely accepted archive of security problems found in software and hardware" along with a link to the CVE Web site.
July 12, 2000
-
CVE Version 20000712 Released
CVE version 20000712 has been released. It has 115 new entries, for a total of 815
entries. In addition, it includes several entries for security problems whose initial
public announcement contained candidate numbers: CVE-2000-0249, CVE-2000-0303, CVE-2000-0304,
CVE-2000-0305, CVE-2000-0350, and CVE-2000-0376.
More information for this new version is available.
July 5, 2000
-
Editorial Board Holds Teleconference
The Editorial Board held a teleconference on June 29, 2000, with eight Board
members participating. Topics included the daily operations of the Editorial Board,
the role of MITRE in conducting Board operations, how MITRE converts raw vulnerability
information into candidates, CVE accuracy and timeliness, content decisions, candidate
voting, and upcoming Web site enhancements.
-
CVE Briefs at Canadian Information Technology Security Symposium
MITRE briefed CVE at the annual Canadian Information Technology Security Symposium on June 22, 2000, in Ottawa, Canada. The presentation introduced CVE to approximately 200 representatives from the Canadian government, law enforcement, other international organizations, and critical information infrastructure protection experts. The talk went well and was a good opportunity to educate this new, international audience about CVE. The symposium itself had approximately 600 attendees and was sponsored by the Communications Security Establishment (CSE), the Canadian Federal Government agency responsible for information technology security. MITRE also enjoyed the opportunity to visit with Editorial Board member Ken Armstrong of EWA-Canada/CanCERT.
June 23, 2000
June 16, 2000
-
CVE Hosts Booth at ISSA Security Conference on June 8
MITRE hosted a CVE exhibitor booth at the New England ISSA Security Conference on June 8, 2000, at Boston College, Chestnut Hill, MA. The conference was sponsored by the New England Chapter of the Information Systems Security Association (ISSA). ISSA is an international organization of information security professionals that promotes communication regarding information security management and practices. The conference was successful and introduced CVE to a diverse audience of attendees from financial institutions and other corporations, educational institutions, and government agencies.
June 2, 2000
-
CVE Version 20000602 Released
CVE version 20000602 has been released. It has 56 new entries, for a total of 700 entries.
-
CVE Names Included in Top Internet Security Threats List
The Consensus List of The Top Internet Security Threats, a list of the most critical problem areas in Internet security, was released on June 1, 2000. The list includes CVE names to uniquely identify the vulnerabilities it describes, which will help system administrators to use CVE-compatible products and databases to help make their networks more secure.
-
Marcus Ranum, Ken Williams join CVE Editorial Board
Marcus Ranum of NFR and Ken Williams of eSecurityOnline.com have joined the CVE Editorial Board.
-
More Vulnerability Databases Provided to CVE
Six additional organizations are contributing their vulnerability databases to assist us in creating more candidates for CVE. Symantec, AXENT, The Nessus Project, PGP Security, BindView, and Cisco have all provided MITRE with items from their vulnerability databases. These items will help MITRE to create the next set of candidates for older security issues that have not been added to CVE yet, and to extend the set of references for existing candidates and entries.
-
CVE Candidate Numbers Included in Recent Security Advisories
BindView and Rain Forest Puppy recently released security advisories that included CVE candidate numbers. The BindView advisory described CAN-2000-0305, and RFP's advisory identified CAN-2000-0350.
-
CVE Hosts Booth at 1st ICCC Conference May 23-25, 2000
MITRE hosted an exhibitor booth for CVE at the First International Common Criteria Conference (ICCC) on May 23-25, 2000, at the Baltimore Convention Center in Baltimore, MD. The conference was sponsored by the National Information Assurance Partnership (NIAP), a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The conference was attended by more than 600 information security and other professionals, introducing CVE to a wider audience of information technology (IT) security testing laboratories, product and system evaluators, validators and certifiers, systems accreditors, etc.
May 18, 2000
-
Vulnerability Databases Providing More Candidates for CVE
Various organizations are contributing their vulnerability databases so that we can create more candidates for CVE. Security Focus, Neohapsis, ISS, and Harris have all provided MITRE with items from their vulnerability databases. These will help MITRE to create the next set of candidates for older security issues that have not been added to CVE yet, and to extend the set of references for existing candidates and entries.
-
CVE Referenced in Recent Edition of InfoWorld
CVE was referenced as "attempting to bring order to the madness that ravages the Internet every day" in a column about good vulnerability information sources in the May 12, 2000 edition of InfoWorld. The Security Watch column, entitled "Your Best Defense Against Hack Attacks: Good Information and an Insurance Policy," also included a link to the CVE Web site.
-
CVE to Brief at Canadian Information Technology Security Symposium, Ottawa, on June 21
MITRE is currently scheduled to brief CVE at the annual Canadian Information Technology Security Symposium scheduled for June 19-23, 2000, Ottawa, Canada. The conference is sponsored by the Communications Security Establishment (CSE), the Canadian Federal Government agency responsible for information technology security, and will focus on PKI issues and solutions, e-commerce/e-business, critical information infrastructure protection, intrusion detection, and security in open source software.
May 11, 2000
-
AXENT Technologies, Inc. now has several tools that are CVE-compatible. You can view the AXENT entries on the CVE-Compatible Products page.
-
Scott Lawler from the US Department of Defense CERT (DOD-CERT) has joined the Editorial Board.
May 8, 2000
-
CVE to Host Booth at ISSA Security Conference on June 8
MITRE is currently scheduled to host a CVE exhibitor booth at the New England ISSA Security Conference scheduled for June 8, 2000, on the main campus of Boston College in Newton, MA. The conference is sponsored by the New England Chapter of the Information Systems Security Association (ISSA). ISSA is an international organization of information security professionals that promotes interaction and communication among members regarding information security management and practices. Members include numerous international and U.S. financial institutions and other corporations, educational institutions, and government agencies.
May 4, 2000
-
Advanced Research Corporation (ARC) has announced that their vulnerability assessment tool, SARA, is now CVE-compatible. You can view the entry on the CVE-Compatible Products page.
-
CVE to Brief at 1st International Common Criteria Conference May 23-25, 2000
MITRE is currently scheduled to brief CVE and host an exhibitor booth at the First International Common Criteria Conference (ICCC), scheduled for May 23-25, 2000, at the Baltimore Convention Center in Baltimore, MD. The conference is sponsored by the National Information Assurance Partnership (NIAP), a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). For more information about the conference, visit the conference home page and the FBC/FITS Federal On-Site Technology Expositions page.
-
CVE Wins Technology Leadership Award, March 24, 2000
CVE was awarded the SANS 2000 Security Technology Leadership Award at the SANS Joint Computer Security Conference in Orlando, FL. The award was presented to MITRE's CVE team for "establishing, nurturing and sustaining the industry-wide cooperative Common Vulnerabilities & Exposures project." Read the MITRE press release.
-
MITRE Hosts CVE BOF at SANS 2000, March 23, 2000
MITRE hosted a CVE 'birds of a feather' reception on Thursday evening at the SANS 2000 Joint Computer Security Conference in Orlando, FL. This "meet and greet" event hosted more than 100 information security experts and other conference attendees. A short briefing and question and answer session were well attended. CVE was represented by the MITRE team, along with representatives of several member organizations of the CVE Editorial Board. MITRE's CVE team also received the SANS 2000 Security Technology Leadership Award at the event.
-
MITRE Presents CVE Briefing at InfraGard Meeting, March 17, 2000
MITRE presented a briefing on CVE to the New England chapter of InfraGard on March 17th. InfraGard is a cooperative effort to exchange information between the FBI, other government agencies, academic institutions, and the business community about network security, illegal intrusions, disruptions, and exploited vulnerabilities of information systems. Once implemented, InfraGard will consist of an alert network and a Web site with information related to computer security and information infrastructure protection. The briefing was well received, and we have been invited to attend another meeting in the near future.
-
MITRE Presents CVE Briefing to ISSA, January 27, 2000
MITRE presented a briefing on the benefits of CVE to the New England Chapter of the Information Systems Security Association (ISSA) at their January meeting at Fleet Boston Financial in Boston. ISSA is an international organization of information security professionals that promotes interaction and communication among members regarding information security management and practices. Members include numerous international and U.S. financial institutions and other corporations, educational institutions, and government agencies. On the strength of this presentation, CVE was invited to exhibit at the New England ISSA Security Conference on June 8, 2000 at Boston College in Chestnut Hill, MA.
Read MITRE's CVE Press Releases To-Date, Q1 2000
MITRE Employees Receive SANS Security Technology Leadership Awards, March 2000
MITRE's Information Security Dictionary Reaches Important Milestones/Microsoft, Ernst & Young Join Editorial Board, February 2000
MITRE and Top Security Organizations Launch First Public Dictionary of Computer Vulnerabilities to Boost Cyber-Defense, September 1999.
April 27, 2000
-
The CVE Initiative has achieved a new milestone by incorporating CVE candidate numbers into security advisories. ISS recently published two security advisories that include CVE candidate names. One is related to CAN-2000-0249 and the other is related to CAN-2000-0248.
-
CVE version 20000425 will be published to the CVE Web site in the next few days. It has 34 new entries, for a total of 644 entries.
April 20, 2000
-
CVE version 20000418 will be published to the CVE Web site in the next few days. It has 31 new entries, for a total of 610 entries.
-
CVE was the winner of the SANS
2000 Security Technology Leadership Award.
-
Casper Dik from Sun Microsystems has joined the Editorial Board.
-
The Nessus Project's (Renaud Deraison & Jordan Hrycaj) Nessus Security Tool is now CVE-compatible. You can view the entry on the CVE-Compatible Products page.
April 13, 2000
-
CVE version 20000410 has been released. It has 23 new entries, for a total of 579 entries.
-
A new addition has been made to the CVE-Compatible Products page: The National Institute of Standards and Technology I-CAT tool.
-
Drew Williams from BindView Corporation has provided CVE with a supporting quote on the What Others Are Saying page. His supporting quote can be viewed here.
March 22, 2000
-
CVE Version 20000322 has been
released, with 53 new entries. This version of CVE has 556 entries.
March 21, 2000
-
A new addition has been made to the CVE-Compatible Products page: PGP Security, Network Associates' CyberCop Monitor and CyberCop Scanner.
March 16, 2000
-
The Editorial Board met at AXENT
near Salt Lake City, Utah, on March 9-10. They discussed voting to approve candidates,
issues related to Board membership, CVE Compatibility, and content decisions.
-
A new addition has been made to the CVE-Compatible Products page: World Wide Digital Security's Security Administrator's Integrated Network Tool (SAINT).
March 2, 2000
-
Marvin Christensen from IBM Emergency Response Service (ERS) has joined the Editorial Board.
February 1, 2000
-
There are four new additions to the Editorial Board: David LeBlanc from Microsoft, Ronson Nguyen from Ernst & Young, Jim Magdych from NAI, and Steve Schall from ODS.
-
The official CVE list has surpassed the 500 entry mark! CVE now lists 503 security vulnerabilities and exposures. The new version of CVE can be searched and is available for download.
-
The CVE candidate list is now publicly available! Candidates are items that are actively being considered for inclusion into CVE by the CVE Editorial Board. The current candidate list contains over 554 entries. You can learn more about candidates, search the candidates list, and download the current candidate list.
-
There are three new additions to the CVE-Compatible Products page: CYRANO, Ernst & Young, and Max Vision Network Security/Whitehats. Check them out.
-
Max Vision from Max Vision Network Security/Whitehats has provided CVE with a supporting quote on the What Others Are Saying page. His supporting quote can be viewed here.
January 4, 2000
-
The CVE list has been updated! CVE now lists 473 security vulnerabilities and exposures. The new version of CVE can be searched and is available for download.