[ISN] Red Hat Unveils CVE Security Compatibility

From: InfoSec News (isnat_private)
Date: Thu Apr 11 2002 - 00:58:05 PDT

    April 11, 2002

    RALEIGH, N.C.--April 10, 2002--Red Hat, Inc. (Nasdaq:RHAT) today 
    announced that security alerts and advisories, including updates 
    issued through the Red Hat Network, will now use Common 
    Vulnerabilities and Exposures (CVE) standard names.

    The CVE project, maintained by the MITRE Corporation, is a list of 
    standardized names for vulnerabilities and security exposures. The 
    common list makes it easier to share data across a broad group of 
    technologies, and can improve the accuracy of alerts and updates that 
    correct potential security issues. In January, the National Institute 
    of Standards and Technology (NIST) issued a draft recommendation that 
    government organizations adopt CVE standard solutions throughout their 
    security infrastructure.

    "One of the greatest strengths of open source development is the 
    ability to harness the efforts of millions of programmers, users and 
    vendors across the industry to quickly change software, including 
    fixing vulnerabilities," said Mark Cox, senior director of engineering 
    at Red Hat. "The CVE dictionary delivers a common language, enabling 
    our customers to spend less time investigating and categorizing 
    security events, reducing risk and any associated impact."

    "The growing acceptance of CVE within the open source community is an 
    important development," said MITRE's Steve Christey, who heads up the 
    CVE Editorial Board and is editor of the CVE List. "We hope that Red 
    Hat's commitment to CVE will encourage other open source vendors to 
    become more actively engaged in this initiative. We formally welcome 
    Mark to our CVE Board, and at the same time we appreciate the 
    significant contributions he has made over the last five months."

    Red Hat also announced today that Mark Cox has become the first 
    employee of an open source vendor to join the CVE Editorial Board, 
    whose members collaborate to determine the content of the list. The 
    Board includes representatives from top vendors, academic 
    institutions, government agencies and prominent security experts. 
    Prior to his appointment, Cox had worked as a liaison with the project 
    since November 2001.

    "We are working with MITRE and the rest of the CVE Editorial Board to 
    contribute and validate new entries that affect Linux and open source 
    projects, as well as publish CVE entries in our security advisories," 
    said Cox. "It is essential that security vulnerabilities get reported 
    accurately so that affected users can make informed decisions."

    For more information on the CVE project, please visit cve.mitre.org.

    ISN is currently hosted by Attrition.org
