Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Vulnerability Database Hits 20,000 Software-Flaw Mark

For Immediate Release: October 26, 2006

Bookmark and Share

Contact: Michael Baum

Established just a little over a year ago, the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) now contains information on 20,000 computer system vulnerabilities, up from the original 12,000, and the Web site receives hits at a rate of 25 million per year. For those trying to prevent computer system attacks, keeping up with the hundreds of new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names. The NVD provides standard vulnerability names, integrates all publicly available U.S. government resources on vulnerabilities, provides links to industry resources, and provides standardized vulnerability impact scores using the Common Vulnerability Scoring System. This makes it easier to learn about new vulnerabilities and how to remediate them. NVD is updated daily and can be searched by a variety of vulnerability characteristics; including severity, vendor name, software name and version number. At the request of the software industry, in September, 2006, NIST established a forum on the NVD Web site for software vendors to comment on vulnerabilities in their products. NVD is sponsored by the Department of Homeland Security’s US-CERT and is based upon Common Vulnerabilities and Exposures (CVE) work from the MITRE Corporation. For more information, go to http://nvd.nist.gov/.