This ITL bulletin provides information about the National Vulnerability Database (NVD), a comprehensive database of cyber security vulnerabilities in information technology (IT) products that was developed by NIST with the support of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. The bulletin advises readers about the U.S. Government organizations that are collaborating to raise awareness about the vulnerabilities of information systems and to provide easily accessible resources to the public. The bulletin discusses the alerts and technical advisory notices that are developed by the cooperating organizations and how the NVD integrates these publicly available U.S. Government vulnerability resources along with references on vulnerabilities developed by industry . Other topics discussed include the Common Vulnerabilities and Exposures (CVE), a naming standard that was jointly developed by government, industry and research organizations, and supporting guidance developed by ITL to help agencies manage vulnerabilities and use patch management processes.
This ITL bulletin provides information about the National Vulnerability Database (NVD), a comprehensive database of cyber security vulnerabilities in information technology (IT) products that was developed by NIST with the support of the National Cyber Security Division (NCSD) of the U.S. Department...
See full abstract
This ITL bulletin provides information about the National Vulnerability Database (NVD), a comprehensive database of cyber security vulnerabilities in information technology (IT) products that was developed by NIST with the support of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. The bulletin advises readers about the U.S. Government organizations that are collaborating to raise awareness about the vulnerabilities of information systems and to provide easily accessible resources to the public. The bulletin discusses the alerts and technical advisory notices that are developed by the cooperating organizations and how the NVD integrates these publicly available U.S. Government vulnerability resources along with references on vulnerabilities developed by industry . Other topics discussed include the Common Vulnerabilities and Exposures (CVE), a naming standard that was jointly developed by government, industry and research organizations, and supporting guidance developed by ITL to help agencies manage vulnerabilities and use patch management processes.
Hide full abstract
Keywords
Common Vulnerabilities and Exposures (CVE); National Vulnerability Database (NVD); Open Vulnerability and Assessment Language (OVAL); patch and vulnerability management; vulnerabilities