Experts have doubts about the effectiveness of the CVE database

Experts have doubts about the effectiveness of the CVE database and advise researchers not to rely solely on this vulnerability database when scanning systems for vulnerabilities.

As stated in a report by the company Risk Based Security, with such an approach IT specialists will miss almost a third of all vulnerabilities.

“If your organization is currently relying on CVE (and most are), at least 33% of all disclosed vulnerabilities are completely unknown to you,” said the company’s cofounder Jake Kouns in the report.

According to the company, the problem is that the MITRE team basically waits until researchers or manufacturers inform the organization about a vulnerability before assigning a CVE identifier.

Therefore, if a specialist does not report a problem and does not request a CVE, the vulnerability will not be entered into the database at all. Instead, information about it will be entered into other databases, for example, BitBucket, SourceForge, GitHub, or the manufacturer’s own databases.

As stated in the report, many CVEs remain in a “reserved” state for a long time. A CVE is reserved if details about it have not yet been published for security reasons.

“However, CVE is slow to process the details and update the CVE report for many bugs even after details are in the public domain, the report warns”, writes Infosecurity Magazine author Danny Bradbury.

The nonprofit CVE project turned 20 last month, and over time it covered a relatively small number of vulnerabilities. However, in 2017, the number of vulnerabilities included in it increased by 128%, and the number keeps growing every year.

Problem processing slowed as the organization’s team faced a greater workload, the report said. The CVE program has responded by increasing the number of CVE Numbering Authorities (CNAs), which are the organizations that can grant a CVE number for a reported security bug. Mitre is working hard to keep up with the increasing volume of bugs, but no one will deny that it’s a challenge.
