, SecurityFocus 2005-08-12
The National Institute of Standards and Technology and the Department of Homeland Security took the wraps off the National Vulnerability Database this week, but questions still remain whether the federal initiative improves upon existing databases or just adds another choice to the current collections of flaws.
Expand all |
Post comment
If you understood the simple fact that the databases you mention are maintained by organizations that have no obligations to meet any standards whatsoever, you would see the requirement of Government to support this initiative. Those organizations can manipulate the information as they see fit without any reason. It comes down to 'trust'
The NIST database provides a trusted source for security professionals to reference vulnerability information that is both credible and supported by a much larger organization.
If your argument is based upon whether or not to trust the U.S. Government, please take into context that an evaluation of the trust for those private organizations must also be considered. As an experienced security professional who does enterprise risk assessments for corporations in critical infrastructure industries, there is no way any of those organizations would accept a private entity which has other driving factors over a Government supported mechanism.
It is as simple as that.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/11278/32322#32322