Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CVE Analysis Report

by Josef Weiss
October 18, 2017

In the early days of the Internet, vulnerabilities were not publicly known or identifiable. In 1999, the information security industry endorsed the importance using a common format in identifying vulnerabilities, thus the Common Vulnerabilities and Exposures (CVE®) was created. Since 1999, the adoption of CVE has grown from 29 organizations to over 150 organizations. Renaud Deraison, one of Tenable’s founders, is a past member of the CVE Editorial board.

Tenable products were first CVE Compatible in 2004, and currently Tenable.io is compatible. Tenable continues to lead the security industry in vulnerability management and continuous network monitoring by embracing accepted standards such as CVE.

Cyber Exposure has an operational security lifecycle which aims to provide common visibility to Security and IT teams. Tenable.io utilizes the CVE program to reference each of the vulnerabilities detected by Tenable.io. This identifies and remediates security issues quickly and efficiently. The CVE identifiers can be used throughout several areas of the Cyber Exposure lifecycle within Tenable.io for reporting, asset identification, risk management, and threat mitigation. The CVE Analysis report helps to identify vulnerabilities by their CVE identifiers from 1999 to 2019.

CVE is a widely used industry standard for identifying vulnerabilities across software vendors and vulnerability management systems. Using CVE IDs to identify vulnerabilities allows organizations to easily target affected systems and software for remediation. As vendors provide patches for widespread vulnerabilities such as WannaCry and Krack, many new plugins are released. The task of tracking vulnerabilities is simplified by using CVE identifiers, as the CVE identifiers for vulnerabilities remain the same even as new patches and plugins are released. Using CVE is a very flexible and useful method of detecting vulnerabilities to assist in the risk management process.

Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Cyber Exposure will help the CISO drive a new level of dialogue with the business. Being able to know which areas of your business are secure or exposed, then the CISO can more effectively measure the organizations Cyber Risk. For example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions.

This report provides the business with an easy to understand format for displaying the current count of vulnerabilities based on CVE release data and collection methods. This allows analysts and administrators to accurately represent and communicate cyber risk back to the business.Tenable.io is the first solution in Cyber Exposure that provides the key risk metrics business’ need to measure risk exposures.

Chapters

Executive Summary - This chapter provides a high level view of vulnerabilities by CVE. The matrices and trend graphs provide an analyst with counts of vulnerabilities by CVE year and collection method. The trend graphs provide an understanding of vulnerabilities filtered on CVE over the past three months. By tracking the current vulnerability count, analysts can track mitigation progress.

Vulnerabilities with CVE from 1999 to 2009 - This chapter provides details for all vulnerabilities with CVE from 1999 to 2009. The content provided is sorted by vulnerability and severity. For each vulnerability, a list of applicable CVEs, vulnerability description, and the affected systems is provided.

Vulnerabilities with CVE from 2010 to 2019 - The chapter provides details for all vulnerabilities with CVE from 2010 to 2019. The content provided is sorted by vulnerability and severity. For each vulnerability, a list of applicable CVEs, vulnerability description, and the affected systems is provided.

Category: 
Measure
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security