Issue No. 11 - November (2001 vol. 34)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/2.963441
<p>Most organizations recognize the importance of cyber security and are implementing various forms of protection. However, many are failing to find and fix known security problems in the software packages they use as the building blocks of their networks and systems, a vulnerability that a hacker can exploit to by-pass all other efforts to secure the enterprise. </p><p>The Common Vulnerabilities and Exposures initiative seeks to avoid such disasters and transform this area from a liability to a key asset in the fight to build and maintain secure systems. Coordinating international, community-based efforts from industry, government, and academia, CVE strives to find and fix software product vulnerabilities more rapidly, predictably, and efficiently. </p><p>The initiative seeks the adoption of a common naming practice for describing software vulnerabilities. Once adopted, these names will be included within security tools and services and on the fix sites of commercial and open source software package providers. </p><p>As vendors respond to more user requests for CVE-compatible fix sites, securing the enterprise will gradually include the complete cycle of finding, analyzing, and fixing vulnerabilities.</p>
R. A. Martin, "Managing Vulnerabilities in Networked Systems," in Computer, vol. 34, no. , pp. 32-38, 2001.