The English full name of CVE is "Common Vulnerabilities &; Exposures "general vulnerability disclosure. CVE is like a dictionary table, which gives a common name for widely recognized information security vulnerabilities or weaknesses that have been exposed. Using the same name can help users to enjoy data in various independent vulnerability databases and vulnerability assessment tools, although these tools are difficult to integrate.
This makes CVE a "keyword" enjoyed by security information. If a vulnerability is indicated in a vulnerability report, if there is a CVE name, you can quickly find the corresponding patch information in any other CVE-compatible database to solve the security problem.
The main methods of real-time intrusion detection and vulnerability scanning evaluation are "known intrusion detection" and "known vulnerability scanning", in other words, knowledge-based technology. It can be seen that the important signs that determine an IDnA technology and product are the types of intrusions and the number of vulnerabilities that can be detected.
1InfoWorld on February 8th, 999 described in a comparison between ISS's Internet Scanner5.6 and NAI's CyberCop2.5, "Because there is no classification standard for these scanner platforms, it is very difficult to compare their databases directly. We found that the same vulnerability in Internet Scanner and CyberCop uses different names ... "
When describing the level of their products, various IDnA manufacturers will claim that they have the largest number of scanning vulnerabilities. You said there were 1000, and I said there were 5000. How do our users tell? Different manufacturers have different knowledge bases in terms of intrusion methods and vulnerabilities. How can users get all the security information to the maximum extent? CVE came into being under such circumstances.