Common Vulnerabilities and Exposures (CVE) is a catalog of common names (i.e. CVE Identifiers) for publicly known cybersecurity vulnerabilities.
CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.
CVE is:
- One name for one vulnerability or exposure.
- One standardized description for each vulnerability or exposure.
- A dictionary rather than a database.
- How disparate databases and tools can “speak” the same language.
- The way to interoperability and better security coverage.
- A basis for evaluation among tools and databases.
- Free for public download and use.
- Industry-endorsed via the CVE Numbering Authorities, CVE Board, and CVE-Compatible Products.
CVE is maintained by the MITRE Corporation and sponsored by the National Cyber Security Division (NCSD) of the Department of Homeland Security. The CVE dictionary, a shared information security vulnerability data list, may be viewed by the public.
In information security, a vulnerability is a flaw in software code that attackers can use to enter an information system and perform unauthorized activities while posing as an authorized user. An exposure is a software error that allows attackers to break into a system. During an exposure, attackers may gain information or hide unauthorized actions.
Items in the CVE list get names based on the year of their formal inclusion and the order in which they were included in the list that year.
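
An added example (not from the original page or from MITRE) of how shared identifiers let two tools' outputs be compared: it extracts CVE IDs from two constructed reports, normalizes them, and lists which IDs each source covers. The ID syntax in the regular expression (four-digit year, then a sequence number of four or more digits) is not stated on this page, and all sample IDs, host names and package names are made up.

```python
import re
from typing import NamedTuple

# CVE ID syntax: "CVE-", a four-digit year, "-", a sequence number of 4+ digits.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


class CveId(NamedTuple):
    year: int
    seq: int

    def __str__(self):
        # Sequence numbers are zero-padded to at least four digits.
        return f"CVE-{self.year}-{self.seq:04d}"


def extract_cves(text):
    """Return the set of CVE IDs mentioned anywhere in free-form tool output."""
    return {CveId(int(y), int(s)) for y, s in CVE_RE.findall(text)}


def compare_coverage(report_a, report_b):
    """Compare two tools' outputs by the CVE IDs they mention."""
    a, b = extract_cves(report_a), extract_cves(report_b)
    # Tuples sort by (year, seq), i.e. by year and then order within that year.
    fmt = lambda ids: [str(i) for i in sorted(ids)]
    return {"shared": fmt(a & b), "only_a": fmt(a - b), "only_b": fmt(b - a)}


# Constructed sample data: every ID, host and package name below is made up.
SCANNER_REPORT = """\
host=web01 finding="Outdated TLS library" ref=CVE-2099-0001 severity=high
host=web01 finding="Path handling flaw" ref=cve-2099-12345 severity=medium
host=db02 finding="Weak default configuration" ref=none
"""
ADVISORY_FEED = """\
[CVE-2099-12345] fixed in examplepkg 2.1
[CVE-2098-0042] fixed in otherpkg 1.0.3
"""

if __name__ == "__main__":
    for bucket, ids in compare_coverage(SCANNER_REPORT, ADVISORY_FEED).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```

IDs under `only_a` are findings the second source has no entry for, which is the coverage gap the shared naming makes visible.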