
NIST database focuses on software vulnerabilities

By Staff -- Manufacturing Business Technology, 11/1/2005 7:00:00 AM

The National Institute of Standards and Technology (NIST) has launched the National Vulnerability Database—or NVD—to aid software administrators in securing computer systems against attack. The database, which went online to the public in August, serves as a single source of encyclopedic-level information on vulnerabilities in both commercial and open-source software that could be exploited by hackers and others.

"Every kind of software imaginable is included in the database," says Peter Mell, senior computer scientist and NIST NVD project lead. As of mid-September, the database identifies more than 12,600 known vulnerabilities, with new ones being added constantly. More than a half-million users accessed the database to read vulnerability summaries in the first month.

To date, Mell says, he is aware of only one package, from a small software company, that does not have any known vulnerabilities.

The NVD project team uses the Common Vulnerabilities and Exposures (CVE) listing maintained by MITRE Corp., which manages three federally funded R&D centers—aviation system development, defense & intelligence, and enterprise modernization.

"The CVE is essentially a dictionary of vulnerabilities, but it does not provide detailed summaries, which is what we do. We're the encyclopedia of vulnerabilities," Mell says.

The NVD, developed under mandate by the Department of Homeland Security, is powered by what Mell describes as a "fine-grained search engine" that combs all government source files on vulnerabilities, including the CVE, the U.S. Computer Emergency Readiness Team technical alerts and notes, and Open Vulnerability and Assessment Language queries. The NVD complements and integrates these sources, enabling users to search by CVE number, vulnerability name, product name, release number, and vendor, as well as by severity, range, and impact type.

"My job is to do computer-centric research and provide guidance to the public for how to implement computer security," says Mell, adding, "I'm also supposed to do good things." Mell claims his team is uniquely qualified to do just that because of its "special mission, our unique capabilities, and our charter to provide standards support."

The NVD is accessible at http://nvd.nist.gov.

© 2009 Reed Business Information, a division of Reed Elsevier Inc. All rights reserved.