• Laetitia Michel

CVE: why it is important to check public databases regularly

Updated: 20 hours ago

CVE is a dictionary of publicly available information that lists each cybersecurity threat or vulnerability discovered and assigns it an identifier. Its contents are free to access, use and download. It is maintained by the US non-profit organisation MITRE (1).

By entering the name of your applications, software, etc., in the site's search engine, you will see a list of the threats and/or vulnerabilities related to them, with the reference number and a short description of each. Clicking on one of them opens its own record, which gives further information.

It is important for an individual, and even more so for a company, to check these databases regularly. Doing so keeps you abreast of existing and newly discovered threats and vulnerabilities, so that you can correct them as soon as possible and better secure your infrastructure and data.

Once threats and vulnerabilities are exposed, it does not take long for them to be exploited for malicious purposes.

In the same vein, it is also important to install updates for applications, operating systems, etc. as soon as possible after their release. Threats and/or vulnerabilities may have been discovered (whether or not they are listed in CVE yet), and the software publisher will have issued an update to correct them more or less quickly after the discovery.

Everything moves very fast, and it may seem impossible to keep up with all the vulnerabilities discovered, especially in real time. In case you did not know, solutions exist to make this task easier.

On the paid side, Nessus (2) and InsightVM (3), for example, scan your network (operating systems, databases, applications, etc.) and list the vulnerabilities present, specifying the level of criticality and the solution to remedy them, and giving the CVE references when there are any. A free version is available so that you can test their performance. You can also use OpenVAS, which is the equivalent in a totally free version.

For the application and its dependencies, OWASP offers the Dependency-Check plugin, which checks the CVE database to see whether a library has known vulnerabilities.
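To make the idea of a regular check concrete, here is an added example (not part of the original article and not the code of any tool named above) that compares a software inventory with vulnerability records and reports only the entries not seen on a previous run. The records are constructed samples in the CVE JSON 5 record layout with placeholder IDs and hypothetical product names; versions are assumed to be dotted numbers and only the `lessThan` range form is handled.

```python
import json

# Constructed records in the CVE JSON 5 record layout. The IDs are placeholders
# and the vendor/product names are hypothetical.
SAMPLE_RECORDS = json.loads("""[
 {"cveMetadata": {"cveId": "CVE-0000-0001"}, "containers": {"cna": {
   "descriptions": [{"lang": "en", "value": "Constructed: flaw fixed in 2.5.0"}],
   "affected": [{"vendor": "example", "product": "ExampleCMS", "versions": [
     {"version": "0", "lessThan": "2.5.0", "status": "affected"}]}]}}},
 {"cveMetadata": {"cveId": "CVE-0000-0002"}, "containers": {"cna": {
   "descriptions": [{"lang": "en", "value": "Constructed: flaw in the 3.x branch"}],
   "affected": [{"vendor": "example", "product": "ExampleCMS", "versions": [
     {"version": "3.0.0", "lessThan": "3.1.2", "status": "affected"}]}]}}},
 {"cveMetadata": {"cveId": "CVE-0000-0003"}, "containers": {"cna": {
   "descriptions": [{"lang": "en", "value": "Constructed: flaw in one release"}],
   "affected": [{"vendor": "sample", "product": "SampleLib", "versions": [
     {"version": "1.4.2", "status": "affected"}]}]}}}
]""")


def vtuple(version):
    """Turn '2.4.1' into (2, 4, 1). Assumes dotted numeric versions."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, entry):
    """Apply one 'versions' entry of a record to an installed version."""
    if entry.get("status") != "affected":
        return False
    if "lessThan" in entry:  # range: version <= installed < lessThan
        return vtuple(entry["version"]) <= vtuple(installed) < vtuple(entry["lessThan"])
    return vtuple(installed) == vtuple(entry["version"])  # single release


def check_inventory(inventory, records, seen=frozenset()):
    """Return (cve_id, product, installed, description) for records not yet seen."""
    findings = []
    for rec in records:
        cve_id = rec["cveMetadata"]["cveId"]
        cna = rec["containers"]["cna"]
        for aff in cna.get("affected", []):
            installed = inventory.get(aff["product"].lower())
            if cve_id in seen or installed is None:
                continue
            if any(is_affected(installed, v) for v in aff.get("versions", [])):
                findings.append((cve_id, aff["product"], installed,
                                 cna["descriptions"][0]["value"]))
    return findings
```

The inventory is a dictionary of lower-case product name to installed version, and `seen` holds the identifiers reported on earlier runs so that each scheduled check surfaces only what is new.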

Do you have questions about the security of your applications? Of your installations? Do you feel lost when faced with so many elements to take into account for optimum security? Do not hesitate to call on Cybersecura. A team of professionals is at your disposal to answer your questions.

Sources : (1)

(2) (3)
