It only takes a single vulnerability to make your business a target for a cyber attack. Research shows that roughly half of all small and mid-sized businesses (SMBs) have sustained a cyber attack in the past year. While there are many different types of cyber attacks, most of them begin with a vulnerability. You can protect your business from cyber attacks, however, by familiarizing yourself with the Common Vulnerabilities and Exposures (CVE) database.
Overview of the CVE Database
The CVE database is a library of known vulnerabilities and security weaknesses. It’s spearheaded by the nonprofit organization MITRE. MITRE manages the CVE database with the sponsorship of the U.S. federal government, including the U.S. Department of Homeland Security (DHS).
The purpose of the CVE database is to help businesses and other organizations identify vulnerabilities in their information technology (IT) infrastructures. You can check the CVE database, for instance, to see if there are any known vulnerabilities with the software and services on your business’s IT infrastructure.
CVE IDs: What You Should Know
The CVE database is organized by IDs. Each vulnerability has a unique ID, so no vulnerability is listed multiple times. The only time a vulnerability has multiple IDs is when it affects multiple codebases. You can look up a CVE ID to find a specific vulnerability.
CVE IDs are accompanied by information about the respective vulnerability. You’ll find a description of the vulnerability, for example. To learn more about a vulnerability, you can read the description associated with its CVE ID. Some CVE IDs may come with links as well. You can find links to reports and research about vulnerabilities.
How Vulnerabilities Are Selected for the CVE Database
Not all vulnerabilities are eligible for the CVE database. There are certain criteria that vulnerabilities must meet. Vulnerabilities, for instance, must be acknowledged by the vendor or developer. Only after the vendor or developer confirms the presence of a vulnerability will it be eligible for the CVE database.
Vulnerabilities must also have a negative impact on security. Some vulnerabilities are harmless, whereas others can cause widespread destruction to IT infrastructures. Only vulnerabilities that can cause some form of harm are eligible for the CVE database.
Another requirement for CVE eligibility is that vulnerabilities must be independently fixable. In other words, it must be possible to fix a vulnerability regardless of other vulnerabilities or weaknesses. If a vulnerability can’t be fixed without fixing another vulnerability or weakness, it won’t be eligible for the CVE database.