Cyber attackers are constantly scanning the Internet looking for vulnerabilities in computer systems that will enable them to take control and use the systems for illegal or unethical activities such as identity theft, industrial espionage or distributing spam. For those trying to prevent such attacks, keeping up with the 300 or so new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names.
The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for system administrators and other security professionals to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to many industry resources. NVD is built upon a dictionary of standardized vulnerability names and descriptions called Common Vulnerabilities and Exposures.
Updated daily, NVD currently contains information on almost 12,000 vulnerabilities. It allows users to search by a variety of characteristics, including vulnerability type, severity and impact; software name and version number; and vendor name. NVD also can be used to research the vulnerability history of a product and view vulnerability statistics and trends.
NVD was developed by researchers in NIST's Computer Security Division with support from the Department of Homeland Security's National Cyber Security Division. For more information, go to http://nvd.nist.gov/.