Presentation
Managing Vulnerabilities in Your Commercial-Off-the-Shelf (COTS) Systems Using an Industry Standards Effort
Author: Robert A. Martin

 

Historically, security vulnerability information on COTS software products has been hard to obtain, contradictory, or even redundant. Managing the risks that come from these vulnerabilities requires an ever-growing level of resources, skills, and diligence. CVE, the Common Vulnerabilities and Exposures Initiative (cve.mitre.org), is a new international, community-based effort from industry, government, and academia that is working to create an organizing mechanism that makes finding and fixing these COTS and open source software product vulnerabilities more rapid and efficient. The presentation will describe the various challenges, solutions, and approaches that the CVE Initiative has faced in developing ways of finding out about the vulnerabilities that exist in the COTS and open source software products used by an organization, or by the infrastructures that the organization depends on.