News and Events

CVE In the News is a comprehensive monthly review of the news media's coverage of the CVE Initiative. A brief summary of each news item is listed with its title, author (if identified), date, and the name of the media.

December 1999

Date: 12/1/99, 12/6/99
Publication: The Boston Globe , Chicago Tribune
Byline: Ross Kerber
Headline: Handle on Hackers; Bedford, Mass-based Firm Attempts to Increase Software Security

Excerpt or Summary:
"There is little agreement among software security specialists on just how to classify the sections of computer code that are often targeted by hackers." MITRE is gathering support for a project that lists such code as part of a directory of Common Vulnerabilities and Exposures, or CVE. MITRE senior engineer, David Mann compares CVE to lists of elements that were created before the periodic table was accepted. "To get things going scientifically we really need to start small. Hopefully it will spawn more categorizations, eventually," he states.


Date: 12/6/99, 12/19/99
Publication: The Bulletin, The Gazette
Byline: Ross Kerber
Headline: Web Directory Lines Out Computer Weaknesses

Excerpt or Summary:
"There is little agreement among software security specialists on just how to classify the sections of computer code that are often targeted by hackers." MITRE is gathering support for a project that lists such code as part of a directory of Common Vulnerabilities and Exposures, or CVE. MITRE senior engineer, David Mann compares CVE to lists of elements that were created before the periodic table was accepted. "To get things going scientifically we really need to start small. Hopefully it will spawn more categorizations, eventually," he states.


Date: 12/14/99
Publication: Business Wire, Canada Newswire
Byline: PR Newswire <www.prnewswire.com >
Headline: CyberSafe Offers Free Network Intrusion Detection

Excerpt or Summary:
"CyberSafe Corporation, a leading provider of enterprise network security solutions, announced today that it will include free network-based intrusion detection with every purchase of 10 or more host-based server licenses for Centrax 2.3, the upcoming version of its integrated host-based and network intrusion detection product." The article mentions that CyberSafe is an active participant in cutting-edge intrusion detections, such as CVE.

November 1999

Date: 11/22/99
Publication: PR Newswire
Byline: Bill Hampton
Headline: Intrusion Detection Experts to Conduct Free Seminar on Best-Practice

Excerpt or Summary:
CyberSafe Corporation has announced that it is sponsoring a national seminar that will "outline key elements for providing proactive around-the-clock security protection networks from harmful threats inside and outside of the organization." The article mentions that CyberSafe is a member of the CVE Editorial Board, coordinated by MITRE.


Date: 11/15/99
Publication: Network Computing
Byline: Greg Shipley
Headline: ISS RealSecure Remains Ahead < http://www.nwc.com/1023/1023f12.html >

Excerpt or Summary:
In this report card on the various information security systems currently on the market, the CVE initiative is assessed as the first effort to standardize names and types of attacks. CVE aims to "identify and define a common vocabulary for sharing vulnerability data across multiple products and platforms." Even though CVE is new, "it holds some promise for a saner future."


Date: 11/8/99
Publications: Government Computer News
Byline: William Jackson
Headline: MITRE Publishes Directory of Information Security Threats

Excerpt or Summary:
"CVE, maintained by MITRE and developed in conjunction with several other security companies and organizations, has a vendor-independent naming convention to ease database sharing and make security tools more interoperable." According to Bill Fithen, senior analyst with the Computer Emergency Response Team at Carnegie Mellon University, "CVE is a scientific necessity. We view it as a milestone in the science of information assurance."


Date: 11/6/99
Publications: www.cyrano.com
Byline:
Headline: Point Profile CEO Announces CVE Compliance for CYRANO E-secure Database in Version 1.2 < http://www.cyrano.com/news/nov0699.html >

Excerpt or Summary:
The CEO of Point Profile has announced the availability of a CVE-compliant database for their CYRANO e-secure product. CVE is described as the latest technology in the field of standardizing and cross-referencing of vulnerabilities and exposures.


Date: 11/5/99
Publications: E-Commerce Guide
Byline: Mark Merkow
Headline: An Ounce of Prevention

Excerpt or Summary:
This article summarizes the benefits that consumers and providers of security products will receive from CVE. "CVE is vital in helping consumers of security tools and systems to effectively compare products using an apples-to-apples approach." CVE provides a common language and facilitates the sharing of data among incident response teams, vulnerability databases, intrusion detection systems, and assessment tools.

October 1999

Date: 10/11/99
Publication: Information Week, Internet Week
Byline: Rutrell Yasin
Headline: Dictionary Spells Out Security Vulnerabilities

Excerpt or Summary:
This article reports on CVE, "An initiative spear-headed by MITRE Corp. that could help IT managers better assess the impact of security vulnerabilities on their networks." MITRE’s recently announced CVE list is available to the public and provides standardized descriptions and names for more than 300 computer vulnerabilties. According to Pete Tasker, MITRE's executive director of security and information operations, "The dictionary is designed to analyze data culled about a variety of security tools." CVE's purpose is to facilitate data sharing between different risk assessment tool vendors by providing a common language to describe vulnerabilities. MITRE's senior software analyst Steve Christey also adds that CVE's standardized descriptions are crucial to conducting a true risk assessment.


Date: 10/7/99
Publication: Computing
Byline:
Headline: Experts Team Up to Tackle Security Issues

Excerpt or Summary:
This brief article announces that MITRE teamed up with IBM Research, Cisco, CERIAS/Purdue University, plus 16 additional security companies, in forming the CVE initiative. The CVE web site, cve.mitre.org, is also listed.


Date: 10/6/99
Publication: Network News
Byline:
Headline: Security Vulnerables to be Issued with Standard Words

Excerpt or Summary:
MITRE has joined forces with other security experts to create the Common Vulnerabilities and Exposures initiative. In addition to "providing data sharing among intrusion detection systems, assessment tools, vulnerability databases, researchers and incident response teams, CVE will also ensure interoperability between third-party security products." According to Pete Tasker, executive director of security and information at MITRE, "Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from the security tools that we use."


Date: 10/4/99
Publication: CNN.com
Byline: Dorte Toft
Headline: " Dictionary defines cyber-threats "

Excerpt or Summary:
This article discusses the launch of the CVE Initiative and describes what CVE is and isnt and notes the organizations participating on the CVE Editorial Board . The author quotes Christopher Klaus, founder and chief technology officer at the software vendor Internet Security Systems, who states: "[CVE] will help customers to handle their security better."


Date: 10/4/99
Publication: Security Wire Digest
Byline:
Headline: MITRE Unveils CVE to Mixed Reviews

Excerpt or Summary:
This article says that while everyone seems to think that MITRE's Common Vulnerabilities and Exposures list is a good idea, it "has been received with mixed reviews." According to Pete Tasker, MITRE's executive director of security and information operations, "In the past, each security tool and vulnerability database used its own names for vulnerabilities and exposures. Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from security tools that we use. CVE will help us better serve our sponsors and protect our perimeter by making it easier to share information." CVE is publicly available at cve.mitre.org.


Date: 10/4/99
Publication: BPE News
Byline:
Headline: Se Publica Una Lista de Vulnerabilidades de Seguridad

Excerpt or Summary:
This article focuses on MITRE's announcement of the CVE initiative. The article is written in Spanish.


Date: 10/1/99
Publication: Network World
Byline: Dorte Toft
Headline: New Dictionary Defines Cyber Threats < http://www.nwfusion.com/news/1999/1001threat.html >

Excerpt or Summary:
"The first official dictionary defining terms used to discuss computer systems vulnerabilities has been released. It may be scary reading for laymen, but it's been long awaited by those working to defend against cyber threats." According to the article, MITRE’s CVE is being praised by the SANS Institute, which represents 62,000 security administrators and security professionals. Steve Northcutt, director of SAN's intrusion detection program believes that "....when CVE hits the point of 1,000 entries, it will be a powerful tool."

September 1999

Date: 9/29/99
Publications: Canadian Corporate Newswire
Byline:
Headline: Centrax Intrusion Detection Software from CyberSafe Now Integrated with Common Vulnerbaility Database

Excerpt or Summary:
CyberSafe Corporation, a leading provider of enterprise network security solutions, announced today that its Centrax intrusion detection software is now integrated with the Common Vulnerability Exposures (CVE) list. CVE, developed by a consortium led by the MITRE Corporation, contains a comprehensive list of publicly identified vulnerabilities organized according to a vendor-independent naming convention. "It is critically important for security tool vendors to be involved in the CVE initiative," said Pete Tasker, MITRE's Executive Director for Information Assurance. "Their commitment to producing CVE-compatible products will break the log jam that is currently preventing security tool consumers from effectively managing their security data." The ultimate goal of these open systems efforts is to allow interoperation of consoles and sensors from multiple intrusion detection vendors, yielding the broadest and deepest analysis for effective security enforcement.


Date: 9/28/99
Publications: Network World
Byline: Dorte Toft
Headline: MITRE Initiative to Aid Defense from Cyber Threats

Excerpt or Summary:
"Twenty companies and organizations represented on an editorial board have endorsed a forthcoming dictionary of terms used in defending against attacks on computer systems and networks, according to Alan M. Shoemaker, director of public affairs at MITRE."