Experts have doubts about the effectiveness of the CVE database

Experts have doubts about the effectiveness of the CVE database and have advised researchers not to rely solely on this threat database when scanning systems for vulnerabilities.

As stated in the report of the company Risk Based Security, such an approach will cause IT professionals to miss almost a third of all vulnerabilities.

“If your organization is currently relying on CVE (and most are), at least 33% of all disclosed vulnerabilities are completely unknown to you”, — said the company’s cofounder Jake Kouns in the report.

According to the company, the problem is that the MITRE team basically waits until researchers or manufacturers inform the organization about a vulnerability before assigning a CVE identifier.

Thus, if a specialist does not report a problem and does not request a CVE, the vulnerability will not be entered into the database at all. Instead, information about it will be entered into other databases, for example, BitBucket, SourceForge, GitHub, or manufacturers' own databases.

As stated in the report, many CVEs remain in a “reserved” state for a long time. A CVE is reserved if details about it have not yet been published for security reasons.

“However, CVE is slow to process the details and update the CVE report for many bugs even after details are in the public domain, the report warns”, - writes Infosecurity Magazine author Danny Bradbury.

The nonprofit CVE project turned 20 last month, and over time, it covered a relatively small number of vulnerabilities. However, by 2017, the number of vulnerabilities included in it increased by 128%, and it grows every year.

Problem processing slowed as the organization’s team faced a greater workload, the report said. The CVE program has responded by increasing the number of CVE Numbering Authorities (CNAs), which are the organizations that can grant a CVE number for a reported security bug. Mitre is working hard to keep up with the increasing volume of bugs, but no one will deny that it’s a challenge.
