Did you know that now CVE is the industry standard for vulnerability and exposures identifiers? It wasn’t always that way. Now it’s the best way to coordinate all vulnerability information and their respective identities (descriptions) across the internet.
It’s a way to organize, on a global scale, all the latest security vulnerabilities across the internet, their descriptions and potential impacts on various applications, services, software, databases, servers, operating systems, hardware, etc.
Here is an example, one everyone should be familiar with, the heartbleed bug. CVE-2014-0160
What’s a CVE Numbering Authority?
They are organizations around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope of expertise and then they make them available for public notification. These CVE IDs are then provided to researchers, vulnerability advisories, and information technology vendors like The Selenium Group.
We utilize CVE information within our Selenium Shield application service to manage and ascertain potential risks to our client systems, services, and how to mitigate the vulnerabilities with strategic action plans.
If there is anything to take from this blog, it’s that there is a universal way to organize these all-important vulnerabilities and there are IT services, like our Selenium Shield that mitigate those risks for your business.
What questions should you ask your current IT provider?
- What vulnerability assessment tools are used to evaluate your computer assets?
- What procedures are in place to keep track of all systems, and all vulnerabilities that may impact your services?
- How often does your IT service provider run vulnerability scans and internal assessments and will they make that information available to you?
If you would like to get a free assessment and an introduction to our service and vulnerability assessment process, call us at any time. 1-833-414-7200.
We would be more than happy to assess your vulnerabilities and sit down with you on an action plan to mitigate those risks.
How to become a CVE Numbering Authority (CNA).
How do I make my product or service compatible with CVE? See CVE Compatibility Guidelines.
The Selenium Group Team