News

Experts have doubts in the effectiveness of the CVE database

Experts have doubts in the effectiveness of the CVE database and advised researchers not to rely solely on this threat database when scanning for vulnerabilities in the system.

As stated in the report of the company Risk Based Security, such a solution will make IT professionals miss almost a third of all vulnerabilities.

“If your organization is currently relying on CVE (and most are), at least 33% of all disclosed vulnerabilities are completely unknown to you”, — said the company’s cofounder Jake Kouns in the report.

According to the company, the problem is that the MITRE team basically waits until researchers or manufacturers inform the organization about the vulnerability to assign a CVE identifier.

Thus, if a specialist does not report a problem and does not request a CVE, the vulnerability will not be entered into the database at all. Instead, information about it will be entered into other databases, for example, BitBucket, SourceForge, GitHub, or in own manufactrer’s databases.

Read also: The expert created a PoC exploit that bypasses PatchGuard protection

As stated in the report, many CVEs remain in a “reserved” state for a long time. CVE is reserved if details about it have not yet been published for security reasons.

However, CVE is slow to process the details and update the CVE report for many bugs even after details are in the public domain, the report warns”, — writes Infosecurity Magazine author Danny Bradbury.

The nonprofit CVE project turned 20 last month, and over time, it covered a relatively small number of vulnerabilities. However, by 2017, the number of vulnerabilities included in it increased by 128%, and every year it becomes more and more.

Problem processing slowed as the organization’s team faced a greater workload, the report said. The CVE program has responded by increasing the number of CVE Numbering Authorities (CNAs), which are the organizations that can grant a CVE number for a reported security bug. Mitre is working hard to keep up with the increasing volume of bugs, but no one will deny that it’s a challenge.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-bpudepi.today Pop-up Ads

About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…

20 hours ago

Remove Doguhtam.xyz Pop-up Ads

About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…

20 hours ago

Remove News-xlixoti.com Pop-up Ads

About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…

20 hours ago

Remove Ducesousightion.com Pop-up Ads

About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…

20 hours ago

Remove News-xlabica.live Pop-up Ads

About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…

20 hours ago

Remove Mergechain.co.in Pop-up Ads

About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…

20 hours ago