New ICAT Vulnerability Service

[InfoSec News <isn () c4i org>]

Forwarded by: Peter Mell <peter.mell () nist gov>

New ICAT Vulnerability Service

The NIST Computer Security Division's ICAT project team is now giving
away copies of the ICAT vulnerability database for public use
(http://icat.nist.gov). This means that ICAT can now be used as a
royalty free vulnerability database for commercial and free products.
In addition, the ICAT data file contains a GUI interface allowing
people to use ICAT as an off-line application. We support the public
sharing of vulnerability information that can help secure systems and
we are excited about releasing control of our data.

The ICAT vulnerability data is available as a Microsoft Access 2000
file in the "download" section of the ICAT web site. From this file,
the data can be easily exported into most database products. It should
be noted that ICAT is not itself a true vulnerability database but is
instead a searchable index of vulnerability information. Only when the
ICAT data is combined with the numerous vulnerability advisories that
it references can ICAT be used as a vulnerability database. Thus, the
most important data in ICAT is the mapping of CVE standard
vulnerability names (http://cve.mitre.org) to hyperlinks leading to
various vendor and security company advisories. Another important data
set in ICAT is the list of vendor names, product names, and version
numbers associated with each vulnerability.

Other ICAT Developments: 1. ICAT now contains 2628 vulnerabilities 2.
ICAT has a new interface to better support Unix based browsers and
users with slow connections

Have a great day,
Peter Mell
ICAT Project Lead




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.