|
A vulnerability database is a platform aimed at collecting, maintaining, and disseminating information about discovered vulnerabilities targeting real computer systems. The database will customarily describe the identified vulnerability, assess the potential infliction on computer systems and the workaround required to desist a hacker. For a hacker to surmount a system's information assurance, three elements must apply: a susceptibility within the system, access to the susceptibility and the ability to exploit the susceptibility. == Types of vulnerability databases == Major vulnerability databases such as the Open Source Vulnerability Database (OSVDB) and National Vulnerability Database U.S (NVD) publish Common Vulnerabilities and Exposures (CVE). The primary purpose of CVE is to feed vulnerability databases like OSVDB vulnerabilities and exposure identification names and numbers.〔(【引用サイトリンク】url=http://cve.mitre.org/ )〕 Vulnerability databases develop the received intelligence from CVE and investigate further providing vulnerability scores, impact ratings and the requisite workaround. CVE is paramount for linking vulnerability databases so critical patches and debugs can be shared to inhibit hackers from accessing sensitive information on private systems. The Open Source Vulnerability Database provides an accurate, technical and unbiased index on vulnerability security. The comprehensive database catalogues over 121,000 vulnerabilities spanning a 113 year period. The OSVDB was founded in August 2002 and was launched in March 2004. In its primitive beginning, newly identified vulnerabilities were investigated by site members and explanations were detailed on the website. However, as the necessity for the service thrived, the need for dedicated staff resulted in the inception of the Open Security Foundation (OSF) which was founded as a non-profit organisation in 2005 to provide funding for security projects and primarily the OSVDB. The National Vulnerability Database is a comprehensive cyber security vulnerability database formed in 2005 that reports on CVE. The NVD is a primary cyber security referral tool for individuals and industries alike providing informative resources on current vulnerabilities. The NVD holds in excess of 50,000 records and publishes 13 new entries daily on average. Similar to the OSVDB, the NVD publishes impact ratings and categorises material into an index to provide users with an intelligible search system.〔(【引用サイトリンク】url=https://nvd.nist.gov/ )〕 Vulnerability databases advise organisations to develop and execute patches or other mitigations which endeavour to rectify critical vulnerabilities. However, this can often lead to the creation of additional susceptibilities as patches are created hastily to thwart further system exploitations and violations. Depending upon the level of a user or organisation, they warrant appropriate access to a vulnerability database which provides the user with disclosure of known vulnerabilities that may affect them. The justification for limiting access to individuals is to impede hackers from being versed in corporation system vulnerabilities which could potentially be further exploited. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Vulnerability database」の詳細全文を読む スポンサード リンク
|