Information Security News mailing list archives

Red Hat Unveils CVE Security Compatibility


From: InfoSec News <isn () c4i org>
Date: Thu, 11 Apr 2002 02:58:05 -0500 (CDT)

http://linuxtoday.com/news_story.php3?ltsn=2002-04-11-002-26-SC-RH

April 11, 2002

RALEIGH, N.C.--April 10, 2002--Red Hat, Inc. (Nasdaq:RHAT) today 
announced that security alerts and advisories, including updates 
issued through the Red Hat Network, will now use Common 
Vulnerabilities and Exposures (CVE) standard names. 

The CVE project, maintained by the MITRE Corporation, is a list of 
standardized names for vulnerabilities and security exposures. The 
common list makes it easier to share data across a broad group of 
technologies, and can improve the accuracy of alerts and updates that 
correct potential security issues. In January, the National Institute 
of Standards and Technology (NIST) issued a draft recommendation that 
government organizations adopt CVE standard solutions throughout their 
security infrastructure. 

"One of the greatest strengths of open source development is the 
ability to harness the efforts of millions of programmers, users and 
vendors across the industry to quickly change software, including 
fixing vulnerabilities," said Mark Cox, senior director of engineering 
at Red Hat. "The CVE dictionary delivers a common language, enabling 
our customers to spend less time investigating and categorizing 
security events, reducing risk and any associated impact." 

"The growing acceptance of CVE within the open source community is an 
important development," said MITRE's Steve Christey, who heads up the 
CVE Editorial Board and is editor of the CVE List. "We hope that Red 
Hat's commitment to CVE will encourage other open source vendors to 
become more actively engaged in this initiative. We formally welcome 
Mark to our CVE Board, and at the same time we appreciate the 
significant contributions he has made over the last five months." 

Red Hat also announced today that Mark Cox has become the first 
employee of an open source vendor to join the CVE Editorial Board, 
whose members collaborate to determine the content of the list. The 
Board includes representatives from top vendors, academic 
institutions, government agencies and prominent security experts. 
Prior to his appointment, Cox had worked as a liaison with the project 
since November 2001. 

"We are working with MITRE and the rest of the CVE Editorial Board to 
contribute and validate new entries that affect Linux and open source 
projects, as well as publish CVE entries in our security advisories," 
said Cox. "It is essential that security vulnerabilities get reported 
accurately so that affected users can make informed decisions." 

For more information on the CVE project, please visit cve.mitre.org 



-
ISN is currently hosted by Attrition.org


