Cyber attackers are constantly scanning the Internet looking for vulnerabilities in computer systems that will enable them to take control and use the systems for illegal or unethical activities such as identity theft, industrial espionage or distributing spam. For those trying to prevent such attacks, keeping up with the 300 or so new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names.
The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for system administrators and other security professionals to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to many industry resources. NVD is built upon a dictionary of standardized vulnerability names and descriptions called Common Vulnerabilities and Exposures.
Updated daily, NVD currently contains information on almost 12,000 vulnerabilities. It allows users to search by a variety of characteristics, including vulnerability type, severity and impact; software name and version number; and vendor name. NVD also can be used to research the vulnerability history of a product and view vulnerability statistics and trends.
NVD was developed by researchers in NIST’s Computer Security Division with support from the Department of Homeland Security’s National Cyber Security Division. For more information, go to
http://nvd.nist.gov/ .
Related stories:
New Scoring System Protects Credit Card Transactions
As this year’s holiday season approaches, your credit card transactions may be a little more secure thanks to standards adopted by the payment card industry.
MIT software aims to thwart cyber hackers
(PhysOrg.com) -- In response to the chronic cyber threat of hackers, MIT Lincoln Laboratory researchers are developing a software tool to identify the most vulnerable points in a computer network. The tool aims to make it possible for system administrators to focus on parts of a network that are most prone to attack, instead of securing all parts of the network.
Researchers develop next-generation computer antivirus system
(PhysOrg.com) -- Antivirus software on your personal computer could become a thing of the past thanks to a new "cloud computing" approach to malicious software detection developed at the University of Michigan. Cloud computing refers to applications and services provided seamlessly on the Internet.
Research on browser weaknesses triggers attacks
IBM's X-Force says cyber-criminals are using public research on Web browser weaknesses to launch attacks before most users are even aware of their vulnerability. The mid-year report from the security group indicates that organized criminals are adopting new automated techniques and strategies that allow them to exploit vulnerabilities much faster than ever before.
Researchers create next-generation software to identify complex cyber network attacks
Researchers in George Mason University’s Center for Secure Information Systems have developed new software that can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an organization’s networks.
Researchers identify cities at risk for terrorism
A University of Arizona researcher has created a new system to dramatically show American cities their relative level of vulnerability to bioterrorism.
Princeton researchers envision a more secure Internet
Like human society itself, the world's computerized infrastructure is wondrously complex, both spectacularly fertile and deeply flawed.
2 out of 3 middle class American families on shaky financial ground, according to new report
Fewer than one in three middle-class families in America is financially secure, and the remaining majority are either borderline or at high risk of falling out of the middle class altogether, according to a new study published this week by Demos and the Institute for Assets and Social Policy (IASP) at Brandeis University.