Concept

Common Vulnerabilities and Exposures

Résumé

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC, operated by The MITRE Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security. The system was officially launched for the public in September 1999. The Security Content Automation Protocol uses CVE, and CVE IDs are listed on Mitre's system as well as in the US National Vulnerability Database. A vulnerability is a computer-software system's weakness enabling unwarranted access. E.g. software processing credit-cards mustn't allow people to read the credit card numbers it processes, yet a nefarious party might use a vulnerability for reading credit card numbers. Considering a specific vulnerability in isolation is hard because there exist many pieces of software, oftentimes with many vulnerabilities and possibly of various types. CVE Identifiers assign each vulnerability a unique formal name, thus establishing a common-language. MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages. Historically, CVE identifiers had a status of "candidate" ("CAN-") and could then be promoted to entries ("CVE-"), but this practice was ended in 2005 and all identifiers are now assigned as CVEs. The assignment of a CVE number is not a guarantee that it will become an official CVE entry (e.g., a CVE may be improperly assigned to an issue which is not a security vulnerability, or which duplicates an existing entry). CVEs are assigned by a CVE Numbering Authority (CNA). While some vendors acted as a CNA before, the name and designation was not created until February 1, 2005. There are three primary types of CVE number assignments: The Mitre Corporation functions as Editor and Primary CNA Various CNAs assign CVE numbers for their own products (e.

Source officielle

https://fr.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures

À propos de ce résultat

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Common Vulnerabilities and Exposures

A review of the security vulnerabilities and countermeasures in the Internet of Things solutions: A bright future for the Blockchain

Identity and Personhood in Digital Democracy: Evaluating Inclusion, Equality, Security, and Privacy in Pseudonym Parties and Other Proofs of Personhood

A review of the security vulnerabilities and countermeasures in the Internet of Things solutions: A bright future for the Blockchain

Identity and Personhood in Digital Democracy: Evaluating Inclusion, Equality, Security, and Privacy in Pseudonym Parties and Other Proofs of Personhood