The Common Vulnerabilities and Exposures project (CVE)
enables the FrSIRT to provide standardised security
references that allow users to develop a CVE-enabled
security management process. CVE provides a list of
standardised names for vulnerabilities and security
exposures. The inclusion of CVE names in FrSIRT advisories helps
users associate generic vulnerabilities with specific
security updates, which reduces the time spent handling
vulnerabilities that affect users.
The availability of common security references also eases
the management of security in an environment where
CVE-enabled security tools, such as network or host intrusion
detection systems or vulnerability assessment tools, are
already deployed.
All of the advisories can be retrieved on the FrSIRT web site, and alerts related to new vulnerabilities
include CVE names if available at the time of their release.
Advisories associated with a given CVE name can be searched
directly through the search engine.
Users who want to search for a particular CVE name can use
the web search engine to retrieve
advisories associated with CVE names. A search can be made
for a specific name (like CVE-2006-0001) or for
partial names (like CVE-2005 or just 2005, to find all the
2005 candidates included in advisories).
Common questions on CVE status
1. Why don't I find a given CVE name?
2. What is the difference between a CVE entry and a
candidate?
3. Where can I obtain more information?
Q: Why don't I find a given CVE name?
You might not find a given CVE name in published advisories
for one of the following reasons:
* The CVE name references a vulnerability that does not
really exist (false positive).
* There is not yet an advisory covering that vulnerability.
* An advisory was published before a CVE name was assigned
to a given vulnerability.
Q: What is the difference between a CVE entry and a
candidate?
CVE candidates are those vulnerabilities or exposures under
consideration for acceptance into CVE. Candidates are
assigned special names to distinguish them from official CVE
entries.
The database of published advisories is revised periodically
to determine those candidates that have been accepted as CVE
entries.
For more information please read
CVE Candidates explained.
Q: Where can I obtain more information?
For more information visit the
CVE web site.