[21525] in bugtraq
NIST Gives Away Vulnerability Database
daemon@ATHENA.MIT.EDU (Peter Mell)
Mon Jul 16 01:33:27 2001
Message-Id: <5.0.0.25.2.20010714093639.00a20c50@email.nist.gov>
Date: Sat, 14 Jul 2001 09:44:18 -0400
To: bugtraq@securityfocus.com
From: Peter Mell <peter.mell@nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
NIST Gives Away Vulnerability Database
The NIST Computer Security Division's ICAT project team is now giving away
copies of the ICAT vulnerability database for public use
(http://icat.nist.gov). The database currently contains 2628
vulnerabilities. This means that ICAT can now be used as a royalty free
vulnerability database for commercial and free products. In addition, the
ICAT data file contains a GUI interface allowing people to use ICAT as an
off-line application. The ICAT team supports the public sharing of
vulnerability information that can help secure systems and we are excited
about releasing control of our data.
The ICAT vulnerability data is available as a Microsoft Access 2000 file in
the "download" section of the ICAT web site. From this file, the data can
be easily exported into most database products. It should be noted that
ICAT is not itself a true vulnerability database but is instead a
searchable index of vulnerability information. Only when the ICAT data is
combined with the numerous vulnerability advisories that it references can
ICAT be used as a vulnerability database. Thus, the most important data in
ICAT is the mapping of CVE standard vulnerability enumerations
(http://cve.mitre.org) to hyperlinks leading to various vendor and security
company advisories. Another important data set in ICAT is the list of
vendor names, product names, and version numbers associated with each
vulnerability.
Peter Mell
National Institute of Standards and Technology
