NIST, DHS add national vulnerability database to mix

NIST, DHS add national vulnerability database to mix
Robert Lemos, SecurityFocus 2005-08-12

The National Institute of Standards and Technology and the Department of Homeland Security took the wraps off the National Vulnerability Database this week, but questions still remain whether the federal initiative improves upon existing databases or just adds another choice to the current collections of flaws.

Expand all | Post comment

What a total waste of federal funds!!! 2005-08-12
Age (1 replies)

There are already a good number of vulnerability databases. The big two that come to mind initially are

ISS X-Force Database http://xforce.iss.net/xforce/search.php

and the OSVDB

http://www.osvdb.org/

I've read both of them over and they are far superior to the NVD. They also reference CVEs. This duplication of effort is another sign of government waste. NIST for years has been putting out documents that are years behind industry. With the NVD, they are maintaining that trend.

Oh yeah, and the CVSS is vendor-driven drivel. If you read over the methodology for it, you'll notice the many fallacies in it.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11278/32309#32309

Re: What a total waste of federal funds!!! 2005-08-16
Certified Security Professional (1 replies)

Re: Re: What a total waste of federal funds!!! 2005-08-19
Age

Poker Rating 2006-01-28
Alex