2000 Industry News Coverage (Archive)

Below is a comprehensive monthly review of the news and other media's coverage of CVE. A brief summary of each news item is listed with its title, author (if identified), date, and media source.

December 2000

Date: 12/18/2000
Publication: CIO.com
Headline: "Ask the Author"

Excerpt or Summary:
CVE was the main topic of a question in a Q&A with author Bruce Schneier in which Schneier answers the question "What do you think about CVE and its growing impact?" Schneier responded: "I like it. I think one of the problems with network security products has been the lack of common terminology. It's hard to compare two systems when they each have different names for the things they detect and prevent. For example, if one vulnerability scanner finds 32 problems with your network and other finds 35 problems, how many problems do you have? 35? 67? Some number in the middle? There's no easy way to tell." Schneier's answer also includes a brief description of CVE and the URL for the CVE Web site.

November 2000

Date: 11/30/2000
Publication: Boardwatch.com

Byline: Pete Loshin
Headline: "Network Vulnerability Scanning, Keeping Your Networks Buttoned Up"

Excerpt or Summary:
This article referred to CVE in a section on evaluating vulnerability scanning results, in which the author states: "Another popular feature is the use of the Common Vulnerabilities and Exposures (CVE) list maintained by MITRE (see sidebar). Being able to reference a standard name for a particular vulnerability or exposure means network scanner users can more confidently apply patches or others fixes. "CVE is also featured in a sidebar, which describes what CVE is and the benefits of CVE-compatible tools. It is in this sidebar that the author refers to CVE as "an invaluable framework that network security professionals can use as a common language for identifying and talking about network vulnerabilities."

Date: 11/13/2000
Publication: eWeek

Byline: Jim Rapoza
Headline: Security core: Best practices -- Industry elite launch far-reaching standards process

Excerpt or Summary:
This article, in the Security News section of eWeek, described the Security Vulnerability Summit held in early November that was co-hosted by the magazine and the security company Guardent Inc. It includes excerpts from an interview with MITRE information security engineer and CVE co-creator, Steve Christey. You may watch a videocast of the interview, or review a transcript.

Date: 11/13/2000
Publication: eWeek

Byline: Lisa Kosan
Headline: CVE: An alert by any other name

Excerpt or Summary:
In her article, the auther described CVE as "The lingua franca for vulnerabilities: Instead of 10 names for the same vulnerability, a single CVE name will help everybody speak the same language."

August 2000

Date: 8/14/2000
Publication: Government Computer News

Byline: Susan Menke
Headline: Computer Security Data Has Nine Lives in ICAT Metadatabase

Excerpt or Summary:
In this article, the author states that "ICAT follows the vulnerability naming standards used in the Common Vulnerabilities and Exposures dictionary compiled last year ... at cve.mitre.org."

Date: 8/10/2000
Publication: Interactive Week Online

Byline: Lewis Koch
Headline: The Wild ICAT Adventure

Excerpt or Summary:
In this article, the author observes that CVE was created to address the problem that "no one from the software industry, the federal government, academia or the computer security industry was using the same words to describe software vulnerabilities and problems." CVE's solution is to provide "a standard name for each known vulnerability, so everybody would know what everybody else was talking about." The article further notes that CVE content is based upon the work of the CVE Editorial Board, which is comprised of information security community members "from academia, software makers, vendors, incident response teams and information providers."

Date: 8/01/2000
Publication: InfoSecuritymag.com

Byline: Al Berg
Headline: Secure strategies: A year-long series on the fundamentals of information systems security

Excerpt or Summary:
CVE received a strong mention in a recent article on InfoSecuritymag.com. The article covers the topic of vulnerability assessment and is part two of a four-part series on information systems security testing. The author cited CVE as "trying to bring some order to the world of security vulnerabilities," described what CVE is and is not, provided a good overview of the basic requirements for CVE-compatible products, and included the CVE Web site address.

July 2000

Date: 7/12/2000
Publication: I S Control Journal

Byline:
Headline: How to Eliminate the Ten Most Critical Internet Security Threats

Excerpt or Summary:
This article concerned a panel discussion on the actions needed to defeat recent distributed denial-of-service attacks and to keep the Internet safe for growth. The article highlights the top ten Internet security flaws, actions needed to rid systems of these vulnerabilities, and corresponding CVE numbers. This article also reported on a panel discussion for developing a consensus list of the most frequently exploited vulnerabilities.

Date: 7/10/2000
Publication: Computerworld.com

Byline: Al Berg
Headline: Security, the Way It Should Be

Excerpt or Summary:
CVE was referenced in a recent article on Computerworld.com that discussed various approaches to improving security and in a section on code review refers to CVE as "a widely accepted archive of security problems found in software and hardware" along with a link to the CVE Web site.

Date: 7/1/2000
Publication: SecurityManagement.com

Byline: DeQuendre Neeley
Headline: The Hacker Files; Protection Against Computer Crimes

Excerpt or Summary:
This article features some of the major trends in computer exposures and threats and offers resources for security managers. According to the author, "One of the newest, and best, vendor led places systems administrators can get information on vulnerabilities is the Common Vulnerabilities and Exposures (CVE) list."

June 2000

Date: 6/01/2000
Publication: SANS Institute Resources

Byline:
Headline: Consensus List of The Top Internet Security Threats

Excerpt or Summary:
The "Consensus List of The Top Internet Security Threats" is a list of the most critical problem areas in Internet security. The list includes CVE names to uniquely identify the vulnerabilities it describes, which will help system administrators to use CVE-compatible products and databases to help make their networks more secure.

May 2000

Date: 5/24/2000
Publication: Securitywatch.com

Byline: Peter Thomas
Headline: What's in a name? CVE attempts to cure the vulnerability babel

Excerpt or Summary:
CVE was the feature story in this article, which provides a good overview of what CVE is and is not, a description of what goes on behind the scenes for a candidate to become a CVE entry, and information on how to be involved.

Date: 5/12/2000
Publication: InfoWorld

Byline: Stuart McClure and Joel Scambray
Headline: Your Best Defense Against Hack Attacks: Good Information and an Insurance Policy

Excerpt or Summary:
CVE was referenced as "attempting to bring order to the madness that ravages the Internet every day" in a column about good vulnerability information sources. The Security Watch column, entitled "Your Best Defense Against Hack Attacks: Good Information and an Insurance Policy," also included a link to the CVE Web site.

April 2000

Date: 4/19/2000
Publication: Business Wire

Byline:
Headline: Harris Corporation Integrates Vulnerabilities Standard into STAT Security Software

Excerpt or Summary:
Harris Corporation recently announced the integration of MITRE's Common Vulnerabilities and Exposures (CVE) standard into its Security Test and Analysis Tool (STAT). Pete Tasker, MITRE's executive director of the security and information operations division, states that "by integrating CVE names into all aspects of STAT, Harris has shown its commitment to providing next level security solutions for its customers."

Date: 4/10/2000
Publication: Magazyn Internetawy

Byline:
Headline: Czesi w rozterce, Rosjanie portrafia

Excerpt or Summary:
This article in a Polish on-line internet magazine mentions the CVE list and includes a hotlink to the MITRE-hosted CVE web site.

March 2000

Date: 3/30/2000
Publication: Computer World Online

Byline: Torben Sorensen
Headline: Web-base daber sikkerhedshuller

Excerpt or Summary:
This Danish article highlights CVE and includes a quote from Pete Tasker, MITRE's director of information security.

Date: 3/23/2000
Publication: STATonline.com

Byline:
Headline: STAT is the First Security Tool with CVE Compatibility Built In

Excerpt or Summary:
The goal of Common Vulnerabilities & Exposures (CVE) is to make it easier to share data across separate security tools and vulnerability databases. This web page announces that the Security Test and Analysis Tool (STAT) is fully compatible with CVE and displays each vulnerability with its related CVE identifier.

Date: 3/1/2000
Publication: Datamation

Byline: Martin Goslar
Headline: Make Security an e-Commerce Priority

Excerpt or Summary:
Recent denial-of-service attacks by computer hackers emphasize the importance of cyber-protection when it comes to e-commerce. Despite the hype over e-security, many businesses leave themselves open to unauthorized intrusion. The article offers suggestions to companies doing business on the web, and includes a review of CVE.

February 2000

Date: 2/1/2000
Publication: Information Security

Byline: Jay Heiser
Headline: Dueling Bugtraqs

Excerpt or Summary:
In this monthly review of Net security news sources, the author recommends using third parties to provide real-time information on undocumented product vulnerabilities. The author mentions that CVE is a "vulnerability [list] recently developed by MITRE."

January 2000

Date: 1/31/2000
Publication: Network World

Byline: Deborah Radcliff
Headline: Too Much Information

Excerpt or Summary:
Corporate security gurus have long been facing the issue of a lack of a single point of reference when searching for computer system vulnerabilities. "But a few months ago... [MITRE] launched the Common Vulnerabilities and Exposures (CVE), a cross-referencing system that will hopefully result in a single, common description for each vulnerability." The article also quotes Gerry Zepp, corporate security director for Comstar.net. "With something like CVE, I can point [clients] to a single place where they can get common explanations of what they're dealing with," says Zepp.

Date: 1/26/2000
Publication: Network Computing

Byline: Mike Fratto
Headline: Hammering Out a Secure Framework

Excerpt or Summary:
CVE is highlighted in this discussion of how best to manage security on a network. "Security experts and vendors have just begun to agree on a common naming scheme for known vulnerabilities ... CVE can be used by vendors to identify vulnerabilities between applications and existing security sites."

Date: 1/1/2000
Publication: e-Business Advisor

Byline: Michael Cobb
Headline - Advisor Answers

Excerpt or Summary:
In this e-commerce Q&A column, the author gives the readers a security tip. When working with network security problems, "confusion arises due to the variety of names by which a vulnerability is known." This is attributed to the fact that network intrusion detection tools and vulnerability scanners have their own databases and use their own names for vulnerabilities and exposures. The author points to CVE, which "should make it easier to share data across separate vulnerability databases and security tools, and may even lead to security tool interoperability."

 
Page Last Updated: May 06, 2009