Improve vendor data security with CVE security vulnerabilities

Use the CVE system to conduct a complete, comprehensive assessment of your vendor security.

What does CVE mean?

Common Vulnerabilities and Exposures, or CVE, is a list of publicly disclosed computer security flaws.

It does not function as a database of security flaws. It operates by assigning a CVE ID number to security vulnerabilities, allowing security advisors to coordinate and address vulnerabilities more effectively.

What is the difference between vulnerability and exposure?

Exposure is defined as the location, attributes, and value of assets vital to communities that could be affected by a destructive phenomenon or a hazard. Vulnerability, on the other hand, refers to the chance that an asset will be damaged.

Exposure is meant to highlight what is valuable to most organisations, while vulnerability highlights what could be damaged in the long run.

How Are CVEs determined?

CVE security vulnerabilities are determined by the following factors:
  • The vulnerability can be fixed independently of any other bugs.
  • The vendor must acknowledge the bug and that it hurts security.
  • The software flaw must affect one codebase. Flaws that could impact more than one product get a separate CVE.

How Are CVEs determined?

CVE security vulnerabilities are determined by the following factors:
  • CVE identifier number that indicates entry or candidate status
  • Brief description of the security vulnerability or exposure
  • Any pertinent references

Benefits of CVEs

Using CVE can lead to the following advantages:
  • You will know if your security products/services can work in sync with your enterprise
  • You can verify if a specific issue has been accounted for and fixed
  • You can make sure that the correct updates and fixes have been applied
  • You can use this information to search for particular vulnerabilities

Who reports CVEs?

CVE vulnerability data is taken from the National Vulnerability Database (NVD) through XML feeds provided by the National Institute of Standards and Technology.

Additional data sources like exploits, vendor statements, and extra data supplied from a vendor are also considered.

What are the limitations of CVE?

CVE is not meant to be a vulnerability database; it does not contain a complete, comprehensive entry of all the vulnerabilities that exist. This makes it hard to conduct a vulnerability test based purely on CVE.

The CVE system also refers to unpatched software only, which means a security vulnerability in patched software is not included in CVE.

How can RiskXchange help?

Want to see how the RX platform can improve your vendor security? Sign up for a free assessment! Our automated solution can assess your vendor security to give you a free score based on current security standards.