New Tool For Identifying Vulnerabilities Up And Running

New Tool For Identifying Vulnerabilities Up And Running – Brief Article

Sometimes, computers just have too much software. Or at least that is the way it seems to many systems administrators who have to stay on top of viruses and other computer security “Achilles heels.” Keeping up with the 100 or so new vulnerabilities discovered each month can be an almost overwhelming task, especially since a single software flaw may be known by over 10 different names and no one source provides information on all of them.

However, NIST has developed a way to make keeping up with vulnerabilities much easier. The new extensive ICAT index–available on NIST’s World Wide Web site at http://icat.nist.gov–allows people to search for information on vulnerabilities efficiently using a standard naming scheme developed commercially. Users can quickly zero in on the data they need by using pull-down menus that specify product characteristics (such as vendor name and version number) and vulnerability characteristics (such as related exploit type, vulnerability consequence and exposed component type) for more than 2000 software vulnerabilities.

ICAT provides users with summaries of the vulnerabilities and links to public vulnerability databases available on the Internet, which provide detailed information and “patches” to make software more secure. It should prove to be a valuable resource for systems administrators, computer security officers, law enforcement officials, computer security researchers and software developers.

A way to get regular electronic mail updates from the ICAT index via an e-mail service named Cassandra, is available at https://cassandra.cerias.purdue.edu.

For technical information, contact Peter Mell. Comments about ICAT may be sent to icat@nist.gov.

COPYRIGHT 2001 National Institute of Standards and Technology

COPYRIGHT 2004 Gale Group