Security Automation Conference & Workshop

Vulnerabilities

Product Dictionary

SCAP Validated Tools

Vendor Comments

Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

32678	CVE Vulnerabilities
161	Checklists
151	US-CERT Alerts
2257	US-CERT Vuln Notes
2097	OVAL Queries

Last updated: 09/15/08

CVE Publication rate:

11 vulnerabilities / day

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 6.66

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Security Automation Conference & Workshop

September 18 - 19, 2006

Conference Presentations

Day 1 Presentations

Tony Sager, NSA - Security Content Automation

Ron Ross, NIST - Automated Tools Supporting FISMA Success

Richard Hale, DISA - Information Security & Security Automation in DoD (coming soon)

Dennis Heretick - DOJ - Compliance Challenges, Successes, & Improvements

Peter Mell & Stephen Quinn, NIST - Automated Security Compliance

Don Armstrong & Kurt Dillard, Microsoft - Locking Down Windows

Glenn Brunette, Sun Microsystems - Solaris Security

Eustace King, OSD/NII-IAD - DoD DIACAP & Security Automation

Day 2 Presentations

Todd Wittbold, MITRE - Security Automation (XCCDF/OVAL Intro)

David Mann, MITRE - CVE & CCE Overview

Neal Ziring, NSA - XCCDF Evolution

Andrew Bove, Secure Elements, Inc. - Secure Elements Tools

Dave Waltermire & Clint Kreitner, CIS - NG Tool & Dashboard

Drew Buttner, MITRE - OVAL version 5.0

Randy Taylor & Bob Hollis, ThreatGuard, Inc. - FISMAScout

Kent Landfield, Citadel - Hercules & Vulnerability Related Standards

Paul Green, G2, Inc. - Security Automation & Security Lifecycle

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing