August 11th, 2005 was the debut of NVD (The National Vulnerablility
Database) by the National Institution of Standards and Technology
(NIST). Quoting directly from the NVD website “NVD is a
comprehensive cyber security vulnerability database that integrates all
publicly available U.S. Government vulnerability resources
and provides references to industry resources. It is based on and
the CVE vulnerability naming standard.” The database is funded by the Department of Homeland Security’s National Cyber Security Division.
So what NIST has provided us in the form of NVD is a comprehensive one
stop shop for locating information about vulnerabilities in products
presented in an easy to use format. I spent a few minutes with
the database, popping in the names of software vendors and you
certainly will find tons of info, even on software packages that don’t
pop into your mind when thinking about vulnerabilities – such as your
back up software.
This is certainly a site you want to bookmark and make visiting it a
regular part of your security protocols. You can get to it by