Jump to content

National Vulnerability Database

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Jericho347 (talk | contribs) at 21:46, 6 December 2017 (remove inaccurate sentence, touch-ups for style, better explain scoring and the framework used). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The National Vulnerability Database is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD supports the Information Security Automation Program (ISAP).

On Friday March 8, 2013, the database was taken offline after it was discovered that the system used to run multiple government sites had been compromised by a software vulnerability of Adobe ColdFusion.[1][2]

In addition to providing a list of Common Vulnerabilities and Exposures (CVEs), the NVD scores vulnerabilities using the Common Vulnerability Scoring System (CVSS) which is based on a set of equations using metrics such as access complexity and availability of a remedy.[3]

References

  1. ^ "Adobe software vulnerabilities blamed for NIST NVD infection."
  2. ^ "US national vulnerability database hacked."
  3. ^ "NVD - CVSS v2 Equations". nvd.nist.gov. Archived from the original on 2013-12-21. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)


Stub icon

This United States government–related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=National_Vulnerability_Database&oldid=814096758"