Skip to content

customize

US-CERT and NVD

 

What is the NVD?

The National Vulnerability Database (NVD) is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is sponsored by the Department of Homeland Security's (DHS) National Cyber Security Division. US-CERT resources are found in the NVD, particularly vulnerability notes and technical alerts. NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on and synchronized with the Common Vulnerabilities and Exposures (CVE®) vulnerability naming standard.

NVD was created to provide technical capabilities and support for a variety of vulnerability standards. NVD's mission involves warning the public about vulnerabilities in computer systems. NVD helps DHS fulfill that mission by offering vulnerability information on all publicly known computer vulnerabilities. As far as technical capabilities, NVD provides this information using a search engine while integrating all publicly available U.S. government vulnerability resources. All of this information is given away for free with no licensing restrictions through XML and RSS feeds.

Statistics on the nature of vulnerabilities are provided through the NVD statistics engine. This service allows users to assess changes in vulnerability discovery rates within specific products or within specific types of vulnerabilities. The NVD statistics engine allows one to generate statistics on vulnerability trends over time. One can track particular products or vendors. Alternately, one can track sets of vulnerabilities with particular attributes (such as remotely exploitable buffer overflows). The statistics engine can also look at the past history of a product as an indicator to see whether or not it is likely to be vulnerable in the future.

NVD is

  • A comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources
  • A vulnerability database that integrates Open Vulnerability Assessment Language (OVAL) queries
  • Based on and synchronized with the CVE® vulnerability naming standard
  • Free to the public on the NVD website