Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: What's the best vulnerability database? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
What's the best vulnerability database?
I have a project to research certain applications to determine if there are existing vulnerabilities. My plan is to get a vulnerability database and run some scripts looking for my applications. I expect to minimize but not entirely eliminate some manual review.

My question is - what vulnerability database is most useful for this effort? CVE? NVD? OSVDB? Something else?

Any advice is most welcome.

Jim B.
Anonymous

All of them. Don't forget secunia. Once you got them aggregated, a query against all should work. CVE is nice to match up entries between them, but there may not be a CVE number for all of the vulnerabilities. Johannes

3087 Posts
ISC Handler
Quoting Anonymous:I have a project to research certain applications to determine if there are existing vulnerabilities. My plan is to get a vulnerability database and run some scripts looking for my applications. I expect to minimize but not entirely eliminate some manual review.

My question is - what vulnerability database is most useful for this effort? CVE? NVD? OSVDB? Something else?

Any advice is most welcome.

Jim B.
Anonymous

Securing databases is barely a simple undertaking, however it is regularly the assaults that pursue the most straightforward vulnerabilities that are best. Undertakings that stick to the essentials will create the most blast for their database security bucks.
http://laustan.com/master_level.php
Anonymous

Sign Up for Free or Log In to start participating in the conversation!