Wednesday, October 12, 2022

Vulnerability Management - FIRST, NIST and MITRE

We have all heard of these organizations, but do you know how they are related to each other? Let's explore a bit further. MITRE and NIST are sponsored by DHS CISA.

| Sr. No. | Organization | Product |
|---|---|---|
| 1 | FIRST | CVSS Scoring System |
| 2 | NIST | NVD Database (2005) |
| 3 | MITRE | CVE List (1999) |

So, NIST created the NVD, which takes the CVE List from MITRE (which maintains it) and assigns base scores to those CVEs using the CVSS scoring system made by FIRST. The NVD also provides advanced search features, such as searching by OS; by vendor name, product name, and/or version number; and by vulnerability type, severity, related exploit range, and impact.

Let us know which version of the CVSS scoring system you use in your organization.

Happy Learning!!
