Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE)

[Franck Veysset <franck.veysset () INTRANODE COM>]

As explain on the CVE web site (http://cve.mitre.org) :

Common Vulnerabilities and Exposures (CVE) is:
 - A list of standardized names for vulnerabilities and other 
  information security exposures -- CVE aims to standardize the names 
  for all publicly known vulnerabilities and security exposures.
 - A Dictionary, NOT a Database
 - A Community-Wide Effort
 - Freely Available for Review or Download

This dictionary can be download in different format : Html, text and
comma-separated, wich can be more easy to parse.

If you are more looking for detailed vulnerabilitie descriptions,
there are many database available on line, like the ICAT metabase,
http://icat.nist.gov/icat.taf which is of course CVE compliant.

CVE should be a good start to classifie and order information in your
database.

-Franck


Marco Galimberti a écrit :
> Hi, I'm searching for a client-server application from which is possible to
> download vulnerabilities, exploit etc and to classificate it in a database
> (UNIX or better Windows (we are using microsoft OSs in the enterprise))...
>
> I've found a standard called Common Vulverabilities and Exposures (CVE)
> whick permit to upgrade the database of ISS and similar products. I'm not
> interested in suite such as ISS... just to collect the vulnerability in a
> simple and free database (also MS Access may be good to the purpose ;-)
>
> Somebody can help me, please?
>
> Thank you Marco
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

-- 
Franck Veysset  E-mail: franck.veysset () intranode com
http://www.INTRANODE.com  -  Tel: +33 (0)2 23 45 55 04
            -- Security Lab Engineer --

      O   ascii ribbon campaign against html
      |\    email and Microsoft attachments.