Friday, May 14, 2010

CVE DETAILS


Do you wanna find more stats on CVE such as: what years with more vulnerabilities or what company had more vulnerabilities and so forth ?

Welcome to www.cvedetails.com. This is an effort to provide an easy to use web interface to CVE vulnerability information. You can browse for vendors, products and versions and view cve security vulnerabilities related to each of them. You can view statistics about vendors, products and individual versions of products. CVE details are displayed in a single, easy to use page, see a sample here.All data are taken from National Vulnerability Database (NVD) xml feeds provided by National Institue of Standards and Technology except vulnerability type information. Vulnerabilities are classified by www.cvedetails.com using keyword matching and cwe numbers if possible, but they are mostly based on keywords. Please see nvd.nist.gov for more details. All CVSS scores listed on this site are "CVSS Base Scores" provided in NVD feeds. Vulnerability data are updated daily.


Lets try some basic queries. Firs of all I am interested on what year has seen more vulnerabilities.



2006 and 2007 are very close each others and pretty far from the other years. We can deduce that the security measures has been incremented over last past years.. not so bad after all...
Now What about the vulnerability type ?


That's interesting, "execute code" is much more then other categories... Well to me it's quite obvious, the Code Execution is not really a vulnerability, is more a conseguence of a vulnerability. The real vulnerability is what allowed the code execution like Buffer Overflow or File Inclusion or Memory Corruption atc..In fact using this categorization it will be ever bigger then others. But anyway, let's go on. My next interesting query is what are the first top 20 Vendors ? Here we go !



Alright, as we might aspect the vendors are also in "how they are spread" order. Microsoft has the most spread products (so far), then Apple, SUN, IBM etc.. Concluding, this is an amazing place to go to keep upgraded your knowledge about security. Often you will hear from companies let's use Apple which is the most secure platform ... well actually is not true.. Debian is much more ! You will always have a good understanding and a pretty nice perception on which are the most secure platforms, knowing what to suggest from time to time.

2 comments:

Kodiyan said...

You r a very good writer. Do you mind to write an article in my blog? It's http://tips.tectip.info. I am very impressed with your writing style. I'm wondering why nobody commenting your blog. You r talented person. Not marketting well. I like u to invite to write in my blog if you have time

marketing online valencia said...

It can't succeed in fact, that's what I believe.