Security database: The hits just keep on coming

A little more than a year ago, the National Institute of Standards and Technology built an online database to help organizations track security flaws in popular software products.

The National Vulnerability Database Web site is on pace to receive 25 million hits per year, according to NIST, so users obviously like it. And the need for it has never been greater. The database, which began with a list of 12,000 vulnerabilities, recently hit 20,000, with no sign of slowing.

“I think 20,000 is just the tip of the iceberg,” said Peter Mell, a senior computer scientist at NIST who created the database. He said software vulnerabilities are increasing exponentially, and vendors are unaware of many security flaws lurking within their applications.

Alan Paller, director of research at the SANS Institute, said the majority of the 5,000 most recent posted vulnerabilities involved Web-related applications. In early September, NIST and Red Hat established a commenting forum for companies that wanted to report vulnerabilities that could affect multiple software applications.

The NIST database categorizes software problems by product, vendor name and version number, and it provides information on known fixes and links to relevant industry sources. The database also notes the severity of each flaw, using the industry-standard Common Vulnerability Scoring System, so users can decide which problems to address first, according to NIST.
