Penetration Testing mailing list archives
Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE)
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Fri, 9 Mar 2001 09:26:09 -0700
On Thu, 8 Mar 2001, c0ncept wrote:
I've actually been working on a simialer project -- creating a database of advisories, exploits, tools and vendor documentation relavent to security and networking. I've been using SQL Server 2000 as the devlopment platform, but I'm not using anything SQL Server specific (ie. the structure of the database should be easily ported to any RDBMS). The goal of the project to provide all of this information in a way that is *easily* searchable for relevent information -- prompted by what I percieve as the inadequecy of what currently exsists (sorry security focus, sorry packetstorm -- you guys just don't offer enough fields to search, and searches have a habit of returning to much noise). Once the database is constructed, It could be used as the back-end of an Expert System geared twords security, with an embeddable client that could be included in security-auditing programs. So far, it's just been me hacking away on my SQL server whenever I have free time; If anybody else would like to help with the project, email me off the list, and I'll set up something a little more formal. --c0ncept c0ncept () hushmail com
I had planned on avoiding taking part in this thread, however we got mentioned, so here I go. Most of you probably don't realize how we generate revenue here because are not terribly in your face about it, in particular on the lists. Contrary to popular belief we do not pay our rent off of advertising revenue. We build our revenue around three core products. First is a configurable alert system for security vulnerabilities, second is IDS based Intelligence services, ala ARIS for those of you in the beta and finally with our Vulnerability Database. The Database which we sell commercially is quite alot differant that that which lives on our site. The database on the site is as comprehensive as we can afford it to be given that it's free and provided to the community on a timely basis. However, the database which we sell is *quite* alot differant. It contains many more fields as well correlation data between vulnerabilities and IDS signatures for BlackICE, ICEPac, Snort, Cisco Secure IDS, RealSecure etc, etc, etc. Our Vuln Database is also kept up to date 7 days a week and is fed out to our customer base hourly. Te vulns on the site are actually about one third of the commercial package and they are also time delayed (on the website) for between 24 and 36 hours. Regrettably I do not do it justice as I am not a sales droid, nor am I predisposed to hyping what I build. If you want the full run down, I would be happy to provide it off line. -al
Current thread:
- [PEN-TEST] Common Vulverabilities and Exposures (CVE) Marco Galimberti (Mar 08)
- Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE) Ryan Permeh (Mar 08)
- Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE) c0ncept (Mar 09)
- Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE) Alfred Huger (Mar 09)
- Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE) Franck Veysset (Mar 09)
- <Possible follow-ups>
- Re: [PEN-TEST] Common Vulverabilities and Exposures (CVE) Steven M. Christey (Mar 10)