CVE - Industry News Coverage

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Search CVE
Search NVD
Updates & RSS Feeds
Request a CVE-ID
CVE In Use

CVE-Compatible Products
NVD for CVE Fix Information
CVE Numbering Authorities
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

News & Events

Calendar of Events
Industry News Coverage
Press Center
News & Events Archive
Free Newsletter

Industry News Coverage

Below is a comprehensive monthly review of the news and other media’s coverage of CVE. A brief summary of each news item is listed with its title, author (if identified), date, and media source.

January 2012

Government Computer News, January 9, 2012

CVE is mentioned in a January 9, 2012 article entitled "Getting the most out of automated IT security management" on Government Computer News.com. The main topic of the article is the National Institute of Standards and Technology (NIST) updating its guidelines for using Security Content Automation Protocol (SCAP) "for checking and validating security settings on IT systems" by releasing "Special Publication 800-117, Guide to Adopting and Using the Security Content Automation Protocol Version 1.2, Revision 1."

CVE is mentioned when the author explains how SCAP combines several existing community standards created and maintained by several different organizations "including MITRE Corp., the National Security Agency, and the Forum for Incident Response and Security Teams", and that the "specifications making up SCAP are divided into languages, reporting formats, enumerations, measurement and scoring systems, and integrity protection." The author then lists the 11 SCAP components, with CVE included under Enumerations. The other MITRE initiatives listed are Common Platform Enumeration (CPE) and Common Configuration Enumeration (CCE), also under Enumerations, and under Languages, Open Vulnerability and Assessment Language (OVAL). The article concludes with a summary of the updates to the guidelines.

The article was written by William Jackson.

December 2011

Department of Homeland Security Web Site, December 12, 2011

CVE is mentioned in the December 12, 2011 release of the U.S. Department of Homeland Security’s "Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise" on the DHS Web site.

The blueprint, as described on the DHS blog, "outlines an integrated approach to enable the homeland security community to leverage existing capabilities and promote technological advances that make government, the private sector and the public safer, more secure, and more resilient online. Specific actions outlined in the strategy range from hardening critical networks and prosecuting cybercrime to raising public awareness and training a national cybersecurity workforce. Cybersecurity is a shared responsibility, and each of us has a role to play. In today’s interconnected world, emerging cyber threats require the engagement of our entire society including government and law enforcement, the private sector, and members of the public. In preparing this strategy, the Department benefited from the constructive engagement of representatives from state and local governments, industry, academia, non-governmental organizations, and many dedicated individuals from across the country. As we implement this strategy, DHS will continue to work with partners across the homeland security enterprise to implement the goals outlined in the Blueprint."

CVE is mentioned in the blueprint itself as one of two "Core capabilities for the homeland security enterprise in the "Increase Technical and Policy Interoperability Across Devices" subsection of the "Build Collaborative Communities" section of the blueprint, as follows: "On a device-to-device level, strengthen collaboration, create new intelligence, hasten learning, and improve situational awareness … A proven ability to communicate about cyber incidents through standardized dictionaries of key informational elements, including software vulnerabilities, weaknesses, patterns of attack, and malware classification as well as security content that is structured for automated sharing where appropriate. Resources include the National Vulnerability Database, Common Vulnerabilities and Exposures (CVE), and the Information Assurance Checklists housed on the National Checklist Program."

The blueprint is available for free download at http://www.dhs.gov/files/publications/blueprint-for-a-secure-cyber-future.shtm.

Page Last Updated: February 10, 2012