What is CVE and how is it used?

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.

The goal of CVE is to make it easier to share information about known vulnerabilities so that cybersecurity strategies can be updated with the latest security flaws and security issues. CVEs help vendors, developers, and security and IT professionals coordinate their efforts to prioritize and address these vulnerabilities to make computer systems more secure.

CVE was launched in 1999 by the MITRE Corporation to identify and categorize vulnerabilities in software and firmware. CVE provides a free dictionary for organizations to improve their cybersecurity. MITRE is a nonprofit that operates federally funded research and development centers.

A CVE entry describes a known vulnerability or exposure. Each CVE entry contains a standard identifier number with a status indicator (e.g. “CVE-1999-0067”, “CVE-2014-12345”, “CVE-2016-7654321”), a brief description, and references to related vulnerability reports and advisories.

Each CVE ID is formatted as CVE-YYYY-NNNNN. The YYYY portion is the year the CVE ID was assigned or the year the vulnerability was made public.
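The example IDs above have four, five and seven digits after the year, so tooling that pulls CVE IDs out of scanner output or advisories has to accept a sequence number of four or more digits. The following is an added example, not code from the sources cited here; the function names, the sample text and the rule that rejects years before 1999 are assumptions made for illustration.

```python
import re

# CVE-<4-digit year>-<sequence number of 4 or more digits>.
# \b on both sides rejects IDs embedded in longer tokens.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Fixed-width pattern, included only to show how it truncates long IDs.
FIXED_WIDTH_RE = re.compile(r"CVE-\d{4}-\d{4}", re.IGNORECASE)

FIRST_YEAR = 1999  # assumption: no IDs predate the 1999 launch


def extract_cve_ids(text):
    """Return unique, upper-cased CVE IDs, ordered by year then sequence."""
    found = set()
    for year, seq in CVE_RE.findall(text):
        if int(year) >= FIRST_YEAR:
            found.add((int(year), int(seq), f"CVE-{year}-{seq}"))
    return [cve_id for _, _, cve_id in sorted(found)]


def fixed_width_extract(text):
    """What a naive four-digit pattern reports for the same text."""
    return sorted({m.upper() for m in FIXED_WIDTH_RE.findall(text)})


def group_by_year(cve_ids):
    """Map year -> list of IDs, e.g. for a per-year remediation view."""
    groups = {}
    for cve_id in cve_ids:
        groups.setdefault(int(cve_id.split("-")[1]), []).append(cve_id)
    return groups


# Constructed sample input (not real scanner output); the three valid IDs
# are the example identifiers quoted in the article.
SAMPLE = """\
host-a finding: cve-2014-12345 in package-x
host-b finding: CVE-1999-0067, CVE-2016-7654321
host-c finding: CVE-2014-12345 duplicate of host-a
malformed: CVE-2014-123 CVE-1990-0001 XCVE-2015-00001
"""

if __name__ == "__main__":
    ids = extract_cve_ids(SAMPLE)
    print("strict     :", ids)
    print("by year    :", group_by_year(ids))
    print("fixed-width:", fixed_width_extract(SAMPLE))
```

The fixed-width pattern silently reports `CVE-2016-7654` instead of `CVE-2016-7654321`, which would point a lookup at the wrong entry.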

Unlike vulnerability databases, CVE entries do not include risk, impact, fix, or other technical information.

