2000 News & Events (Archive)

December 22, 2000

Videocast of eWeek Magazine Interview with CVE Co-Creator, Steve Christey, Now Available

picture of Steve ChristeyThe Security News section of a recent issue of eWeek magazine included an article entitled "Security core: Best practices-Industry elite launch far-reaching standards process." The article described the Security Vulnerability Summit held in early November that was co-hosted by the magazine and the security company Guardent Inc., and included excerpts from an interview with MITRE information security engineer and CVE co-creator, Steve Christey. You may watch a videocast of the interview, or review a transcript.

Two Join CVE Editorial Board

Two new members have been added to the CVE Editorial Board. These new members are:

Other CVE Editorial Board Changes

Marc Dacier of IBM Research has left the CVE Editorial Board. He has been replaced by Larry Oliver, as noted above. Troy Bollinger of IBM Research also remains as a Board member. See the CVE Editorial Board page for the most up-to-date list of Board members.

SecurityWatch.com Makes CVE Compatibility Declaration

SecurityWatch.com has declared that its Vulnerability Knowledge Database is CVE-compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products page.

Network Security Systems Makes CVE Compatibility Declarations

Network Security Systems has declared that its Vulnerability Reporting and Testing tool and Network Hardware Appliance are CVE-compatible. For additional information about these and other CVE-compatible products, visit the CVE-Compatible Products page.

CVE Included in Boardwatch Magazine Article

CVE was included in a recent article in ISPWorld.com's Boardwatch magazine, entitled "Network Vulnerability Scanning, Keeping Your Networks Buttoned Up". The article referred to CVE in a section on evaluating vulnerability scanning results, in which the author states: "Another popular feature is the use of the Common Vulnerabilities and Exposures (CVE) list maintained by MITRE (see sidebar). Being able to reference a standard name for a particular vulnerability or exposure means network scanner users can more confidently apply patches or others fixes." CVE is featured in this sidebar, which describes what CVE is and the benefits of CVE-compatible tools. It is in the sidebar that the author refers to CVE as "an invaluable framework that network security professionals can use as a common language for identifying and talking about network vulnerabilities."

December 5, 2000

CVE Featured in eWeek Magazine Article

CVE was featured in a recent article in eWeek magazine on Zdnet.com. The article, entitled "CVE: An alert by any other name", described what CVE is and the benefits of CVE to the IT security community, discussed the new subscriber mailing list for current CVE announcements, and included the CVE Web site address. The article also noted that CVE has grown from 321 entries at inception in September 1999 to 1,077 entries, with 850 candidates pending in the current version. In her conclusion, the author described CVE as "The lingua franca for vulnerabilities: Instead of 10 names for the same vulnerability, a single CVE name will help everybody speak the same language."

CVE Candidate Number Included in IBM ERS Advisory Service Report

A CVE candidate number was included in a recent advisory service report from the IBM Emergency Response Service (ERS). The report, ERS-FYI-E01-2000:078.1, identified CAN-2000-0844.

CVE Candidate Number Included in SGI Security Advisory

SGI recently released a security advisory that included a CVE candidate number. The advisory, "InPerson Vulnerabilities, 20001101-01-I" identified CAN-2000-0799 and offered a URL to CVE for more information.

November 17, 2000

Three Join CVE Editorial Board

Three new members have been added to the CVE Editorial Board. These new members are:

Other CVE Editorial Board Changes

Patrick Heim, formerly of Hiverworld, has left the CVE Editorial Board. Tom Stracener remains as the Hiverworld representative. In addition, Marvin Christensen, formerly of IBM ERS, and Steve Schall, formerly of intrusion.com, have also left the Board. See the CVE Editorial Board page for the most up-to-date list of Board members.

November 11, 2000

CVE Exhibits at FedCIRC Conference, November 7-8

MITRE hosted a CVE exhibitor booth at FEDCIRC Conference, November 7-8, 2000, at the University of Maryland, University College, MD. Federal Computer Incident Response Capability (FedCIRC) is the central coordination and analysis facility that deals with computer security-related issues affecting the civilian agencies and departments of the Federal Government. The conference was successful and introduced CVE and CVE-compatible products to a variety of representatives from government and academia, as well as other computer security specialists.

November 3, 2000

CVE Hosts Booth at SANS Network Security 2000, October 15-22

MITRE hosted a CVE exhibitor booth at SANS Network Security 2000, October 15-22, 2000 in Monterey, CA. The conference, at which CVE promoted its 1,000 entries milestone celebration, was successful and introduced CVE and CVE-compatible products to a diverse audience of security and audit professionals and system and network administrators.

CVE Hosts Booths at 23rd National Information Systems Security Conference, October 16-19

MITRE hosted a CVE exhibitor booth at the 23rd National Information Systems Security Conference, October 16-19, 2000 in Baltimore, MD. CVE promoted its 1,000 entries milestone celebration at the conference and also introduced CVE and CVE-compatible products to a variety of information security professionals, network managers, technology directors, chief information officers, engineering managers, and other representatives from government, industry, and academia across the country and around the world. The conference was co-sponsored by the National Institute of Standards and Technology (NIST) and the National Computer Security Center.

October 16, 2000

CVE Achieves 1,000 Entries Milestone!

CVE has achieved a major milestone of 1,000 official entries. Since its inception in September 1999, CVE has grown from 321 entries to more than 1,077, with another 700 candidates currently pending. The milestone is also further evidence that the information security community has embraced the CVE Initiative. To date, 26 developers of vulnerability databases and tools have declared that their products are or will be CVE-compatible. Read the MITRE news release.

September 22, 2000

Troy Bollinger joins CVE Editorial Board

Troy Bollinger of IBM is the newest member of the CVE Editorial Board.

CVE to Host Booth at SANS Network Security 2000 October 15-22

MITRE is scheduled to host a CVE exhibitor booth at SANS Network Security 2000 October 15-22, 2000 at the Doubletree Marriott and Monterey Conference Center in Monterey, CA. This sixth annual conference on securing networks and systems is targeted to security and audit professionals and system and network administrators.

CVE to Host Booth at 23rd National Information Systems Security Conference October 16-19

MITRE is scheduled to host a CVE exhibitor booth at the 23rd National Information Systems Security Conference October 16-19, 2000 at the Baltimore, MD Convention Center, in Baltimore, MD. The conference is co-sponsored by the National Institute of Standards and Technology (NIST) and the National Computer Security Center, and is targeted to information security professionals, network managers, technology directors, chief information officers, engineering managers, and other representatives from government, industry, and academia across the country and around the world. The exposition is sponsored by AFCEA.

August 30, 2000

CVE Launches New Web Site

CVE has upgraded its Web site with new information and new functionality to better serve our users. New information includes a revised "Get CVE" page for viewing, downloading, or searching the CVE list; a description of the CVE naming process; an updated "CVE-Compatible Products" page; and free e-newsletters, among other improvements.

New features include:

  • Improved Access to the CVE List
    The new Get CVE page combines the View CVE, Search CVE, and Download CVE options in a single location for one-stop access to the CVE list and the candidates. In addition to this improved ease-of-use feature, the new page also has Search Tips, information on How to Read a CVE Entry and CVE Candidates, a description of CVE Versions including "reference versions," and a list of CVE Data Sources.
  • New CVE Functionality
    In addition to the enhanced functionality noted above for quicker access to CVE, the Get CVE page now also offers reference maps, which allow users who know the name of a reference (e.g., a security advisory) to more easily locate the associated CVE name.
  • Thorough Description of the CVE Naming Process
    How does a security vulnerability or exposure become a CVE entry? This new section of the site, the CVE Naming Process, gives you everything you need to know about candidates, how they are reviewed by the CVE Editorial Board for possible inclusion in CVE, and also details about what information is included in a CVE entry.
  • Updated Compatible Products Page
    The CVE-Compatible Products section of the Web site has been updated with new products and information. The declarations also now include a "Last Updated" date for each product so you can tell when a product/database was declared as CVE-compatible or is planned to become CVE-compatible. A new feature of this section is CVE-Compatible Products Requirements, which details the process for determining CVE compatibility; notes prerequisites; and cites specific requirements for security tools, Web sites, and repositories.
  • FREE Newsletters
    CVE is now offering two free e-newsletters that you can receive directly in your email mailbox. "CVE-Announce" provides general information about the latest CVE news and events, and "CVE-Data-Update" with reports of new CVE entries and/or candidates and other detailed technical information regarding CVE. The newsletters are sent once per week or less, and you may sign up for either or both lists.
  • Upgraded News & Events Section
    The News & Events section of the new site offers a running list of the latest and breaking CVE news; an Event Calendar that notes which conferences and other events at which CVE will be delivering presentations, exhibiting, or attending; an ongoing list of news articles and other mentions of CVE In the News; and a Press View page for news organizations interested in covering the CVE Initiative.
  • Other Improvements
    The new site also includes direct access to information on CVE Editorial Board Meetings, a link to the Board Mail Archives, and the most recent list of Board Members; a new page entitled CVE Illustrated which provides a graphical representation of the CVE trade show booth experience; an extended collection of CVE-related Documents; and an updated FAQ.
August 18, 2000

CVE Candidate Number Included in CERT/CC Security Advisory

CERT/CC recently released a security advisory that included a CVE candidate number. The advisory, "CERT Advisory CA-2000-17," identified CAN-2000-0666 and offered a URL to CVE for more information.

CVE Cited in Article on Security Strategies in InfoSecuritymag.com

CVE received a strong mention in a recent article on InfoSecuritymag.com. The article, entitled "Secure strategies: A year-long series on the fundamentals of information systems security", covers the topic of vulnerability assessment and is part two of a four-part series on information systems security testing. The author cited CVE as "trying to bring some order to the world of security vulnerabilities," described what CVE is and is not, provided a good overview of the basic requirements for CVE-compatible products, and included the CVE Web site address.

August 15, 2000

Editorial Board Holds Meeting

The CVE Editorial Board held a face-to-face meeting on August 14-15, 2000 in Denver, Colorado. Topics of discussion included a process for rejecting or modifying CVE candidates and entries, guaranteeing the validity of candidates before they are accepted into CVE, the use of CVE references, issues related to producing a Common Intrusion Event List (CIEL) to provide a naming standard for IDS events, CVE compatibility, establishing software vendor liaisons to the Board, voting on candidates, and content decisions.

July 27, 2000

Tivoli Makes CVE Compatibility Declaration

Tivoli Systems, Inc., an IBM company, has declared that their SecureWay Risk Manager is CVE-compatible. For additional information about this and other CVE-compatible products, visit the CVE-Compatible Products page.

July 21, 2000

CVE Referenced in Computerworld Article

CVE was referenced in a recent article on Computerworld.com entitled, "Security, the Way It Should Be". The article discusses various approaches to improving security and in a section on code review refers to CVE as "a widely accepted archive of security problems found in software and hardware" along with a link to the CVE Web site.

July 12, 2000

CVE Version 20000712 Released

CVE version 20000712 has been released. It has 115 new entries, for a total of 815 entries. In addition, it includes several entries for security problems whose initial public announcement contained candidate numbers: CVE-2000-0249, CVE-2000-0303, CVE-2000-0304, CVE-2000-0305, CVE-2000-0350, and CVE-2000-0376. More informationfor this new version is available.

July 5, 2000

Editorial Board Holds Teleconference

The Editorial Board held a teleconference on June 29, 2000, with eight Board members participating. Topics included the daily operations of the Editorial Board, the role of MITRE in conducting Board operations, how MITRE converts raw vulnerability information into candidates, CVE accuracy and timeliness, content decisions, candidate voting, and upcoming Web site enhancements.

CVE Briefs at Canadian Information Technology Security Symposium

MITRE briefed CVE at the annual Canadian Information Technology Security Symposium on June 22, 2000, in Ottawa, Canada. The presentation introduced CVE to approximately 200 representatives from the Canadian government, law enforcement, other international organizations, and critical information infrastructure protection experts. The talk went well and was a good opportunity to educate this new, international audience with CVE. The symposium, itself, had approximately 600 attendees and was sponsored by the Communications Security Establishment (CSE), the Canadian Federal Government agency responsible for information technology security. MITRE also enjoyed the opportunity to visit with Editorial Board member, Ken Armstrong, of EWA-Canada/CanCERT.

June 23, 2000

CVE Featured in Recent Securitywatch.com News Article

CVE was the feature story in a May 24, 2000 article on Securitywatch.com. The article, "What's in a name? CVE attempts to cure the vulnerability babel,"provides a good overview of what CVE is and is not, a description of what goes on behind the scenes for a candidate to become a CVE entry, and information on how to be involved.

Patrick Heim joins CVE Editorial Board

Patrick Heim of Hiverworldis the newest member of the CVE Editorial Board.

June 16, 2000

CVE Hosts Booth at ISSA Security Conference on June 8

MITRE hosted a CVE exhibitor booth at the New England ISSA Security Conference on June 8, 2000, at Boston College, Chestnut Hill, MA. The conference was sponsored by the New England Chapter of the Information Systems Security Association (ISSA). ISSA is an international organization of information security professionals that promotes communication regarding information security management and practices. The conference was successful and introduced CVE to a diverse audience of attendees from financial institutions and other corporations, educational institutions, and government agencies.

June 2, 2000

CVE Version 20000602 Released

CVE version 20000602 has been released. It has 56 new entries, for a total of 700 entries.

CVE Names Included in Top Internet Security Threats List

The Consensus List of The Top Internet Security Threats, a list of the most critical problem areas in Internet security, was released on June 1, 2000. The list includes CVE names to uniquely identify the vulnerabilities it describes, which will help system administrators to use CVE-compatible products and databases to help make their networks more secure.

Marcus Ranum, Ken Williams join CVE Editorial Board

Marcus Ranum of NFR and Ken Williams of eSecurityOnline.com have joined the CVE Editorial Board.

More Vulnerability Databases Provided to CVE

Six additional organizations are contributing their vulnerability databases to assist us in creating more candidates for CVE. Symantec, AXENT, The Nessus Project, PGP Security, BindView, and Cisco have all provided MITRE with items from their vulnerability databases. These items will help MITRE to create the next set of candidates for older security issues that have not been added to CVE yet, and to extend the set of references for existing candidates and entries.

CVE Candidate Numbers Included in Recent Security Advisories

BindView and Rain Forest Puppyrecently released security advisories that included CVE candidate numbers. The BindView advisory described CAN-2000-0305, and RFP's advisory identified CAN-2000-0350.

CVE Hosts Booth at 1st ICCC Conference May 23-25, 2000

MITRE hosted an exhibitor booth for CVE at the First International Common Criteria Conference (ICCC)on May 23-25, 2000, at the Baltimore Convention Center in Baltimore, MD. The conference was sponsored by the National Information Assurance Partnership (NIAP), a collaboration between national institute of standards and technology (NIST) and the National Security Agency (NSA). The conference was attended by more than 600+ information security and other professionals, introducing CVE to a wider audience of information technology (IT) security testing laboratories, product and system evaluators, validators and certifiers, systems accreditors, etc.

May 18, 2000

Vulnerability Databases Providing More Candidates for CVE

Various organizations are contributing their vulnerability databases so that we can create more candidates for CVE. Security Focus, Neohapsis, ISS, and Harris have all provided MITRE with items from their vulnerability databases. These will help MITRE to create the next set of candidates for older security issues that have not been added to CVE yet, and to extend the set of references for existing candidates and entries.

CVE Referenced in Recent Edition of InfoWorld

CVE was referenced as "attempting to bring order to the madness that ravages the Internet every day" in a column about good vulnerability information sources in the May 12, 2000 edition of InfoWorld. The Security Watch column, entitled "Your Best Defense Against Hack Attacks: Good Information and an Insurance Policy," also included a link to the CVE Web site.

CVE to Brief at Canadian Information Technology Security Symposium, Ottawa, on June 21

MITRE is currently scheduled to brief CVE at the annual Canadian Information Technology Security Symposiumscheduled for June 19-23, 2000, Ottawa, Canada. The conference is sponsored by the Communications Security Establishment (CSE), the Canadian Federal Government agency responsible for information technology security, and will focus on PKI issues and solutions, e-commerce/e-business, critical information infrastructure protection, intrusion detection, and security in open source software.

May 11, 2000

AXENT Technologies, Inc. now has several tools that are CVE-compatible. You can view the AXENT entries on the CVE-Compatible Products page.

Scott Lawler from the US Department of Defense CERT (DOD-CERT) has joined the Editorial Board.

May 8, 2000

CVE to Host Booth at ISSA Security Conference on June 8

MITRE is currently scheduled to host a CVE exhibitor booth at the New England ISSA Security Conference scheduled for June 8, 2000, on the main campus of Boston College in Newton, MA. The conference is sponsored by the New England Chapter of the Information Systems Security Association (ISSA). ISSA is an international organization of information security professionals that promotes interaction and communication among members regarding information security management and practices. Members include numerous international and U.S. financial institutions and other corporations, educational institutions, and government agencies.

May 4, 2000

Advanced Research Corporation (ARC) has announced that their vulnerability assessment tool, SARA, is now CVE-compatible.

You can view the entry on the CVE-Compatible Products page.

CVE to Brief at 1st International Common Criteria Conference May 23-25, 2000

MITRE is currently scheduled to brief CVE and host an exhibitor booth at the First International Common Criteria Conference (ICCC), scheduled for May 23-25, 2000, at the Baltimore Convention Center in Baltimore, MD. The conference is sponsored by the National Information Assurance Partnership (NIAP), a collaboration between national institute of standards and technology (NIST) and National Security Agency (NSA). For more information about the conference, visit the conference home page and the FBC/FITS Federal On-Site Technology Expositions page.

CVE Wins Technology Leadership Award, March 24, 2000

CVE was awarded the SANS 2000 Security Technology Leadership Award at the SANS Joint Computer Security Conference in Orlando, FL. The award was presented to MITRE's CVE team for "establishing, nurturing and sustaining the industry-wide cooperative Common Vulnerabilities & Exposures project." Read the MITRE press release.

MITRE Hosts CVE BOF at SANS 2000, March 23, 2000

MITRE hosted a CVE 'birds of a feather' reception on Thursday evening at the SANS 2000 Joint Computer Security Conference in Orlando, FL. This "meet and greet" event hosted more than 100+ information security experts and other conference attendees. A short briefing and question and answer session were well attended. CVE was represented by the MITRE team, along with representatives of several member organizations of the CVE Editorial Board. MITRE's CVE team also received the SANS 2000 Security Technology Leaderhip Award at the event.

MITRE Presents CVE Briefing at InfraGard Meeting, March 17, 2000

MITRE presented a briefing on CVE to the New England chapter of InfraGard on March 17th. InfraGard is a cooperative effort to exchange information between the FBI, other government agencies, academic institutions, and the business community about network security, illegal intrusions, disruptions, and exploited vulnerabilities of information systems. Once implemented, InfraGard will consist of an alert network and a Web site with information related to computer security and information infrastructure protection. The briefing was well received, and we have been invited to attend another meeting in the near future.

MITRE Presents CVE Briefing to ISSA, January 27, 2000

MITRE presented a briefing on the benefits of CVE to the New England Chapter of the Information Systems Security Association (ISSA)at their January meeting at Fleet Boston Financial in Boston. ISSA is an international organization of information security professionals that promotes interaction and communication among members regarding information security management and practices. Members include numerous international and U.S. financial institution and other corporations, educational institutions, and government agencies. On the strength of this presentation, CVE was invited to exhibit at the New England ISSA Security Conference on June 8, 2000 at Boston College in Chestnut Hill, MA.

Read MITRE's CVE Press Releases To-Date, Q1 2000

MITRE Employees Receive SANS Security Technology Leadership Awards, March 2000

MITRE's Information Security Dictionary Reaches Important Milestones/Microsoft, Ernst & Young Join Editorial Board, February 2000

MITRE and Top Security Organizations Launch First Public Dictionary of Computer Vulnerabilities to Boost Cyber-Defense, September 1999.

April 27, 2000

The CVE Initiative has achieved a new milestone by incorporating CVE candidate numbers into security advisories. ISS recently published two security advisories that include CVE candidate names. One is related to CAN-2000-0249and the other is related to CAN-2000-0248.

CVE version 20000425 will be published to the CVE Web site in the next few days. It has 34 new entries, for a total of 644 entries.

April 20, 2000

CVE version 20000418 will be published to the CVE Web site in the next few days. It has 31 new entries, for a total of 610 entries.

CVE was the winner of the SANS 2000 Security Technology Leadership Award.

Casper Dik from Sun Microsystems has joined the Editorial Board.

The Nessus Project's (Renaud Deraison & Jordan Hrycaj) Nessus Security Tool is now CVE-compatible. You can view the entry on the CVE-Compatible Products page.

April 13, 2000

CVE version 20000410 has been released. It has 23 new entries, for a total of 579 entries.

A new addition has been made to the CVE-Compatible Products page: The National Institute of Standards and Technology I-CAT tool.

Drew Williams from BindView Corporation has provided CVE with a supporting quote on the What Others Are Saying page. His supporting quote can be viewed here .

March 22, 2000

CVE Version 20000322 has been released, with 53 new entries. This version of CVE has 556 entries.

March 21, 2000

A new addition has been made to the CVE-Compatible Products page: PGP Security, Network Associates' CyberCop Monitor and CyberCop Scanner.

March 16, 2000

The Editorial Board met at AXENT near Salt Lake City, Utah, on March 9-10. They discussed voting to approve candidates, issues related to Board membership, CVE Compatibility, and content decisions.

A new addition has been made to the CVE-Compatible Products page: World Wide Digital Security's Security Administrator's Integrated Network Tool (SAINT).

March 2, 2000

Marvin Christensen from IBM Emergency Response Service (ERS) has joined the Editorial Board.

February 1, 2000

There are four new additions to the Editorial Board; David LeBlanc from Microsoft, Ronson Nguyen from Ernst & Young, Jim Magdych from NAI, and Steve Schall from ODS.

The official CVE list has surpassed the 500 entry mark! CVE now lists 503 security vulnerabilities and exposures. The new version of CVE can be searched and is available for download.

The CVE candidate list is now publicly available! Candidates are items that are actively being considered for inclusion into CVE by the CVE Editorial Board. The current candidate list contains over 554 entries. You can learn more about candidates, search the candidates list, and download the current candidate list.

There are three new additions to the CVE-Compatible Products page: CYRANO, Ernst & Young, and Max Vision Network Security/Whitehats. Check them out.

Max Vision from Max Vision Network Security/Whitehats has provided CVE with a supporting quote on the What Others Are Saying page. His supporting quote can be viewed here.

January 4, 2000

The CVE list has been updated! CVE now lists 473 security vulnerabilities and exposures. The new version of CVE can be searched and is available for download.

 
Page Last Updated: May 06, 2009