A group of security experts have set up a standards initiative to help tighten cyber defences by providing a list of information vulnerabilities.
The Mitre Corporation has joined with IBM Research, Cisco, CERIAS/Purdue University and 16 other top security organisations to create the Common Vulnerabilities and Exposures (CVE) initiative.
The initiative will draw up a list of information security vulnerabilities and exposures, and provide common names for publicly known problems. Such information will be posted to its Web site, cve.mitre.org.
Other participants in the project include Axent Technologies, The Ballistic Missile Defense Organization, Bugtraq, Cybersafe, Harris, Network Security, SANS Institute and Securityfocus.com.
As well as providing data sharing among intrusion detection systems, assessment tools, vulnerability databases, researchers and incident response teams, CVE will also ensure interoperability between third-party products.
Said Pete Tasker, executive director of security and information at Mitre, "In the past, each security tool and vulnerability database used its own names for vulnerabilities and exposures. Without a common language to correlate pieces of vulnerability-related information, it was difficult to manage the output from the security tools that we use."
Mitre is a not-for-profit company working on scientific and technical issues for the public benefit. According to Tasker, a common language and data sharing are two benefits CVE will provide. The group is working on the remaining names and will add new links for vendors of compatible tools.
Observers believe CVE is a scientific necessity. Bill Fithen, senior analyst at the Computer Emergency Response Team (CERT), said, "It will facilitate improved communication among information professionals. We intend to contribute our accumulated knowledge."
The content of CVE comes from a collaborative effort of the 19-member CVE editorial board. Members include Axent Technologies, Ballistic Missile Defense Organization, Cybersafe, CERIAS/Purdue University, L-3 Network Security, Network Associates, SANS Institute and Securityfocus.com. The board identifies which vulnerabilities or exposures are included in CVE and determines the common name and description for each.
"Until now each vendor has developed their own list of 'known vulnerabilities' and then created ways of detecting and responding to them," said Christopher Klaus, founder and chief technology officer of Internet Security Systems (ISS).
Klaus said the initiative will provide a standard way for ecommerce companies to describe and define vulnerabilities. "CVE provides a common infrastructure and creates a method to speak the same language and reduce confusion," he said.