Experts have doubts about the effectiveness of the CVE database

Experts have doubts about the effectiveness of the CVE database and have advised researchers not to rely solely on this threat database when scanning for vulnerabilities in the system.

As stated in a report from the company Risk Based Security, a solution of this type will cause IT professionals to miss almost a third of all vulnerabilities.

“If your organization is currently relying on CVE (and most are), at least 33% of all disclosed vulnerabilities are completely unknown to you”, said the company’s cofounder Jake Kouns in the report.

According to the company, the problem is that the MITRE team basically waits until researchers or manufacturers inform the organization about a vulnerability before assigning a CVE identifier.

Thus, if a specialist does not report a problem and does not request a CVE, the vulnerability will not be entered into the database at all. Instead, information about it will be entered into other databases, for example, BitBucket, SourceForge, GitHub, or the manufacturer’s own databases.

As stated in the report, many CVEs remain in a “reserved” state for a long time. A CVE is reserved if details about it have not yet been published for security reasons.

“However, CVE is slow to process the details and update the CVE report for many bugs even after details are in the public domain, the report warns”, writes Infosecurity Magazine author Danny Bradbury.

The nonprofit CVE project turned 20 last month, and over time, it covered a relatively small number of vulnerabilities. However, by 2017, the number of vulnerabilities included in it increased by 128%, and every year there are more and more.

Problem processing slowed as the organization’s team faced a greater workload, the report said. The CVE program has responded by increasing the number of CVE Numbering Authorities (CNAs), which are the organizations that can grant a CVE number for a reported security bug. Mitre is working hard to keep up with the increasing volume of bugs, but no one will deny that it’s a challenge.

About Polina Lisovskaya

I have been working as a marketing manager for years and I love searching for interesting topics for you.
