National Vulnerability Database
   HOME

TheInfoList



Click Here for Items Related To - National Vulnerability Database
OR:
National Vulnerability Database on:   [Wikipedia]   [Google]   [Amazon]

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the
Security Content Automation Protocol The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA (Fed ...
(SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD supports the
Information Security Automation Program The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards base ...
(ISAP). On Friday March 8, 2013, the database was taken offline after it was discovered that the system used to run multiple government sites had been compromised by a software vulnerability of
Adobe ColdFusion Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as C ...
. In June 2017, threat intel firm Recorded Future revealed that the median lag between a CVE being revealed to ultimately being published to the NVD is 7 days and that 75% of vulnerabilities are published unofficially before making it to the NVD, giving attackers time to exploit the vulnerability. In addition to providing a list of
Common Vulnerabilities and Exposures The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC, operated by The MITRE Corporation, mainta ...
(CVEs), the NVD scores vulnerabilities using the Common Vulnerability Scoring System (CVSS) which is based on a set of equations using metrics such as access complexity and availability of a remedy.


See also

*
Common Weakness Enumeration The Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and vulnerabilities. It is sustained by a community project with the goals of understanding flaws in software and hardware and creating automated tools t ...
*
Common Vulnerabilities and Exposures The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC, operated by The MITRE Corporation, mainta ...


References


External links

*
Security Content Automation Protocol (SCAP)Packet StormExploit Database

Security Content Database
Government databases in the United States Security vulnerability databases {{US-gov-stub