NVD - A Catalogue of Vulnerabilities
Within the infosec and SecOps community, NVD is a well-known entity, but we realised that outside of it, few are aware of its existence.
So what is it exactly?
NVD stands for National Vulnerability Database. It is one of the largest collections of vulnerabilities that have been reported by software vendors or security researchers all over the world. Thousands of IT security teams and enterprises use this data source for vulnerability management, security and compliance of their tech stack.
NVD was originally conceptualised in 2000 in the U.S. with the objective of creating an access database of attack scripts, but later evolved into a collection of vulnerabilities. It is maintained by a group within NIST and builds upon the work of MITRE and others. Vulnerabilities in the NVD are called Common Vulnerabilities and Exposures (CVE). All NVD data is freely available. There are no fees, licensing restrictions, or even a requirement to register. Its data feeds are updated approximately every two hours.
So is NVD the answer to all your vulnerability management issues?
Unfortunately, no. The problem is vulnerability disclosure time latency: the delay between a vendor disclosing a vulnerability and the NVD publishing it. An organization that relies on the NVD as its only source of vulnerability information can be left more at risk.
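The latency described above can be measured by comparing each CVE's NVD publication time with the earliest vendor advisory for the same CVE. The Python below is an added example, not part of the original post or of any SecOps Solution product; the CVE ids, dates and the vendor feed layout are constructed placeholders, the NVD records follow the `cve.id` / `cve.published` layout of the NVD CVE API 2.0, and all timestamps are assumed to be UTC.

```python
from datetime import datetime, timedelta

# Constructed sample data: placeholder CVE ids and dates, not real records.
NVD_FEED = {"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "published": "2024-03-12T17:15:00.000"}},
    {"cve": {"id": "CVE-0000-0002", "published": "2024-03-20T09:15:00.000"}},
]}
# Hypothetical vendor advisory feed: (CVE id, advisory release time, UTC).
VENDOR_FEED = [
    ("CVE-0000-0001", "2024-03-05T10:00:00"),
    ("CVE-0000-0002", "2024-03-20T08:00:00"),
    ("CVE-0000-0003", "2024-03-21T12:00:00"),  # disclosed, not yet in NVD
]


def nvd_published(nvd_feed):
    """Map CVE id -> NVD publication time."""
    return {v["cve"]["id"]: datetime.fromisoformat(v["cve"]["published"])
            for v in nvd_feed["vulnerabilities"]}


def disclosure_latency(nvd_feed, vendor_feed, now):
    """Return {cve_id: (latency, in_nvd)}.

    latency is NVD publication minus earliest vendor disclosure. For a CVE
    the NVD has not published yet, it is the time elapsed up to `now`.
    """
    nvd = nvd_published(nvd_feed)
    first_disclosed = {}
    for cve_id, ts in vendor_feed:
        t = datetime.fromisoformat(ts)
        if cve_id not in first_disclosed or t < first_disclosed[cve_id]:
            first_disclosed[cve_id] = t
    report = {}
    for cve_id, disclosed in first_disclosed.items():
        if cve_id in nvd:
            # Clamp at zero: the NVD entry can precede the vendor advisory.
            lag = max(nvd[cve_id] - disclosed, timedelta(0))
            report[cve_id] = (lag, True)
        else:
            report[cve_id] = (now - disclosed, False)
    return report


def blind_spots(report, max_lag):
    """CVE ids an NVD-only process missed or learned of later than max_lag."""
    return sorted(cve for cve, (lag, in_nvd) in report.items()
                  if not in_nvd or lag > max_lag)
```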
Another drawback is the lack of context. Information in the NVD doesn’t have the local context that organizations need to move quickly and take the best action. As organizations continue to expand their IT landscape and shift toward new technologies and services, they need to customize the vulnerability and threat ‘news’ that they use to make risk decisions.
We at SecOps Solution are solving these problems by relying on more than 50 databases to obtain vulnerability feeds. Our patent-pending context-based risk identification & patching technology helps organisations prioritise and mitigate the risks that are most critical to their business.
To schedule a demo, drop us a note at firstname.lastname@example.org