翻訳と辞書
Words near each other
・ Common tree frog
・ Common tree frog (disambiguation)
・ Common treeshrew
・ Common triplefin
・ Common tsessebe
・ Common tube-nosed fruit bat
・ Common Tunnel
・ Common Turkic Alphabet
・ Common Turkic languages
・ Common Type System
・ Common value auction
・ Common vampire bat
・ Common variable immunodeficiency
・ Common Veterinary Entry Document
・ Common vole
Common Vulnerabilities and Exposures
・ Common walkingstick
・ Common Wall Media
・ Common wallaroo
・ Common Warehouse Metamodel
・ Common warthog
・ Common Wave
・ Common waxbill
・ Common Weakness Enumeration
・ Common Wealth Award of Distinguished Service
・ Common Wealth Party
・ Common Wealth Party election results
・ Common wheat
・ Common whipping
・ Common White Wave


Dictionary Lists
翻訳と辞書 辞書検索 [ 開発暫定版 ]
スポンサード リンク

Common Vulnerabilities and Exposures : ウィキペディア英語版
Common Vulnerabilities and Exposures

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.〔
〕 CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system〔(CVE.MITRE.org ). CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.〕 as well as the US National Vulnerability Database.
== CVE identifiers ==
MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages. Historically, CVE identifiers had a status of "candidate" ("CAN-") and could then be promoted to entries ("CVE-"), however this practice was ended some time ago and all identifiers are now assigned as CVEs. The assignment of a CVE number is not a guarantee that it will become an official CVE entry (e.g. a CVE may be improperly assigned to an issue which is not a security vulnerability, or which duplicates an existing entry).
CVEs are assigned by a CVE Numbering Authority (CNA);〔
〕 there are three primary types of CVE number assignments:
# The MITRE Corporation functions as Editor and Primary CNA
# Various CNAs assign CVE numbers for their own products (e.g. Microsoft, Oracle, HP, Red Hat, etc.)
# A third-party coordinator such as CERT Coordination Center may assign CVE numbers for products not covered by other CNAs
When investigating a vulnerability or potential vulnerability it helps to acquire a CVE number early on. CVE numbers may not appear in the MITRE or NVD CVE databases for some time (days, weeks, months or potentially years) due to issues that are embargoed (the CVE number has been assigned but the issue has not been made public), or in cases where the entry is not researched and written up by MITRE due to resource issues. The benefit of early CVE candidacy is that all future correspondence can refer to the CVE number. Information on getting CVE identifiers for issues with open source projects is available from Red Hat.〔

CVEs are for software that has been publicly released; this can include betas and other pre-release versions if they are widely used. Commercial software is included in the "publicly released" category, however custom-built software that is not distributed would generally not be given a CVE. Additionally services (e.g. a Web-based email provider) are not assigned CVEs for vulnerabilities found in the service (e.g. an XSS vulnerability) unless the issue exists in an underlying software product that is publicly distributed.

抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)
ウィキペディアで「Common Vulnerabilities and Exposures」の詳細全文を読む



スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.