NVD - A Catalogue of Vulnerabilities

Within the infosec and SecOps community, NVD is a well-known entity, but we realised outside of it, there are few who are aware of its existence.
So what is it exactly?

NVD stands for National Vulnerability Database. It is one of the largest collection of vulnerabilities that have been reported by software vendors or security researchers all over the world. Thousands of IT-Security teams and enterprises use this data source for vulnerability management, security and compliance of their tech stack.

NVD was originally conceptualised in 2000 in the U.S with the objective of creating an access database of attack scripts, but later on, evolved to be a collection of vulnerabilities. It is maintained by a group within NIST and builds upon the work of MITRE and others. Vulnerabilities in the NVD are called Common Vulnerabilities and Exposures (CVE). All NVD data is freely available. There are no fees, licensing restrictions, or even a requirement to register. These feeds are updated approximately every two hours.

So is NVD the answer to all your vulnerability management issues?

Unfortunately No. The problem is vulnerability disclosure time latency. In this context, vulnerability disclosure time latency is the delay between a vendor disclosing a vulnerability and the NVD publishing the vulnerability. Relying on only one vulnerability news source can leave an organization more at risk if they only rely on the NVD for vulnerability information.

Another drawback is the lack of context. Information of NVD doesn’t have the local context that organizations need to move quickly and take the best action. As organizations continue to expand their IT landscape and shift toward new technologies and services, they need to customize their vulnerability and threat ‘news’ that they use to make risk decisions.

We at SecOps Solution are solving these problems by relying on more than 50+ databases to obtain vulnerability feeds. Our patent-pending context-based risk identification & patching technology helps organisation prioritise and mitigate risks that are most critical to their business.

To schedule a demo, drop us a note at hello@secopsolution.com




Identifying top 1% Vulnerabilities in enterprise tech stack

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

My Favorite Google Product Alternatives

TryHackMe: Crack The Hash

💎Join #AuroraFS airdrop activities before it ends.

Why Operational Technology is Vital to National Security

BlockchainSpace Data Security Update

How to Delete Facebook Account?

Changes to Elastos CR consensus

6 things you need to remember to avoid “Airdrop Coin” scam from the perspective of Blockchain…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SecOps Solution

SecOps Solution

Identifying top 1% Vulnerabilities in enterprise tech stack

More from Medium

Android/BianLian payload

Kubernetes Network Policy or Blocking External Traffic will Slightly Reduce log4j Attack, not…

Deadface CTF Writeups

OSINT tweets liked by @aqfiazfan in Jan — Des 2021