Twenty-five years ago, there was no standardized or consistent terminology of vulnerabilities across different databases. As a result, comparing intrusion detection or assessment tools (IDS) from multiple vendors, correlating alerts, and integrating any tool with other information sources was a high-risk, laborious, or nearly impossible task.

This changed in 1999 with the creation of CVE (Common Vulnerabilities and Exposures, or Common Vulnerabilities and Exposures in Portuguese). It is a database created to help identify, describe and catalog publicly known vulnerabilities and risks and make the job of security professionals easier.

The launch of the MITER CVE Program was an important step in identifying and managing vulnerabilities. The adoption and continued number of CVEs assigned each year is a testament to how vital this Program has become; especially today when cloud service providers (CSPs) are transparent and assign CVEs to vulnerabilities in the cloud. There are more than 240,000 CVEs today; many of these have significantly impacted consumers, businesses and governments.

How does CVE impact security teams today?

A context-focused security strategy is one of the cybersecurity paths of the future. As soon as one threat is identified, another emerges, creating a continuous cycle of reactions rather than strategic, proactive management.

Security teams constantly react to new threats or vulnerabilities as they arise and fail to make significant progress in managing the overall security environment; This results in increased stress, decreased productivity, and too much time spent working on vulnerabilities that pose little real risk.

Tenable’s research report, “The Critical Few: Uncovering and Covering Significant Threats,” reveals that the most impactful risks account for only 3% of all vulnerabilities. Without context, every vulnerability, patch, and update seems to take precedence, making it nearly impossible to keep entire systems up to date.

database

Gone are the days when every risk was eliminated and every vulnerability was patched. Today it is necessary to focus on the priority, make corrections wherever possible and reduce risk by all possible means. Therefore, highlighting vulnerabilities that need to be fixed quickly is a vital part of a proactive cybersecurity strategy.

By paying full attention to the most important vulnerabilities, organizations can strengthen their defenses and allocate resources more effectively. In this sense, risk management is essential to clearly prioritize what actually poses a risk to the business.

All of this would not be possible or would be too complicated without MITER’s unified CVE project, a global effort of comprehensive and genuine collaboration between security groups for a safer planet.

Source: Tec Mundo

Previous articleThe former director of Marathon is suing Bungie and PlayStation: demanding more than $200 million
Next articleHeaviest antimatter particle detected by researchers to date
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.

LEAVE A REPLY

Please enter your comment!
Please enter your name here