Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Where does OVAL find out about the vulnerabilities used in the Vulnerability Definitions?

oval Used vulnerabilities vulnerability
0
Posted

Where does OVAL find out about the vulnerabilities used in the Vulnerability Definitions?

0 CommentsAdd a Comment

1 Answer

0

Most OVAL vulnerability definitions are based on the publicly known vulnerabilities identified in MITRE’s CVE List (see C7). This information comes from a variety of public sources including the application and operating system vendors themselves, security tool vendors, public vulnerability databases, and as a direct result of the open discussions on OVAL’s Community Forum email list. On occasion, discussions on the community discussion list may bring to light new potential security vulnerabilities (see C12). In these instances, the relevant information will be forwarded to the CVE Initiative and if accepted, the issue will be assigned a CVE name with candidate status. Any subsequent OVAL definitions developed for this newly identified problem will include this CVE name.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123