Plan to resuscitate beleaguered vulnerability database draws criticism 

The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.

The post Plan to resuscitate beleaguered vulnerability database draws criticism  appeared first on CyberScoop.


MyBook Users Urged to Unplug Devices from Internet

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

In search of a B.S. filter for software bugs

An organization can’t — and shouldn’t — care about each of the thousands of software vulnerabilities that are made public each year. A bug in a public-facing web browser probably won’t matter a lick for the control systems at an energy plant; an accounting firm can ignore a vulnerability in industrial computers it doesn’t use. Yet for some organizations, it’s an ongoing struggle to understand how a software bug might impact their business. On Wednesday, cybersecurity company Rapid7 took a stab at the issue by going public with a project that uses crowd-sourced feedback to rate vulnerabilities. The company invited security professionals of all stripes to use a web platform, known as Attacker Knowledge Base (KB), to assess the impact of a vulnerability to an organization, starting with a simple question: What could a malicious hacker do with the bug? The answers rate how easy it would be for a hacker to weaponize a vulnerability or what level of […]

The post In search of a B.S. filter for software bugs appeared first on CyberScoop.


China’s vulnerability disclosure system twice as fast as U.S. version

China’s National Vulnerability Database works more than twice as fast on average as its U.S. counterpart, according to new research. On average, U.S.-CERT takes 33 days after the public disclosure of a software vulnerability to complete the cataloging process and create an entry in the National Vulnerability Database (NVD), whereas China’s version (CNNVD) is updated an average of just 13 days after public disclosure, according to research published by cybersecurity firm Recorded Future. In its posting, the firm analyzed two years of vulnerability reporting data from both NVD and CNNVD. Because averages can be distorted by a small number of outlying data points (in this case, very long delays in vulnerability cataloguing), Recorded Future also analyzed the data by percentiles. “Within six days of initial disclosure, 75 percent of all vulnerabilities published on the web are covered in CNNVD. The U.S. NVD takes 20 days,” the researchers write. “CNNVD captures […]

The post China’s vulnerability disclosure system twice as fast as U.S. version appeared first on CyberScoop.
