Security database: The hits just keep on coming

A little more than a year ago, the National Institute of Standards and Technology built an online database to help organizations track security flaws in popular software products.

The National Vulnerability Database Web site is on pace to receive 25 million hits per year, according to NIST, so users obviously like it. And the need for it has never been greater. The database, which began with a list of 12,000 vulnerabilities, recently hit 20,000, with no sign of slowing.

“I think 20,000 is just the tip of the iceberg,” said Peter Mell, a senior computer scientist at NIST who created the database. He said software vulnerabilities are increasing exponentially, and vendors are unaware of many security flaws lurking within their applications.

Alan Paller, director of research at the SANS Institute, said the majority of the 5,000 most recent posted vulnerabilities involved Web-related applications. In early September, NIST and Red Hat established a commenting forum for companies that wanted to report vulnerabilities that could affect multiple software applications.

The NIST database categorizes software problems by product name, vendor name and version number, and it provides information on known fixes and links to relevant industry sources. The database also notes the severity of each flaw, using the industry-standard Common Vulnerability Scoring System, so users can decide which problems to address first, according to NIST.
