Acronym Monday: CVE

What does CVE mean in plain English?

By: Erich Maas

Proposal Coordinator

Today’s Acronym Monday is brought to you by the acronym CVE and also National Cyber Security Awareness Month.

We’re reaching the end of National Cyber Security Awareness Month, but that doesn’t mean we’re going to lower our voices about it. This week’s acronym is CVE, which stands for common vulnerabilities and exposures.

Let’s define a vulnerability as a problem with a piece of software that makes it susceptible to cyber attack. Pretty much any software has a vulnerability of some kind. You may notice that when you are asked to update your computer or the programs you have installed, most of the updates include a security update. These updates fix possible vulnerabilities.

The CVE system is used to track vulnerabilities to attack in all publicly available software. It’s maintained by the MITRE Corporation, whose website describes CVE as “a dictionary of publicly known information security vulnerabilities and exposures.” What they do is assign a number to each vulnerability they find and make it available for the public to search. The purpose is to help people make choices about which software they’re using and to help inform decisions about cybersecurity policies.

You can use the National Vulnerability Database, or NVD, to search for software vulnerabilities. This system pulls its data from CVE. You can search for a piece of software by name and see all the vulnerabilities that have been detected, assigned a number, and released to the public. It even shows you a severity rating so you know how potentially bad each vulnerability is.

This system may not ever be useful to you, but now you know it’s there in case you ever get curious about software vulnerabilities.