The National Vulnerability Database on Thursday expanded its security information offerings to include comments from software vendors about flaws in their products.
NVD, which is designed to warn security software companies and the public about all known computer vulnerabilities, has added a new twist to its year-old database. Software vendors, which previously were not allowed to post to the site, can now post their comments to the NVD site and distribute information over the NVD real-time feeds.
"The purpose...of the statements is to explain how a vendor is, or is not, affected by a given vulnerability, or to add comments, or corrections, to the vulnerability details," said Mark Cox, head of Red Hat's Security Response Team, in an e-mail interview. Red Hat originally approached the operators of the NVD site, the National Institute of Standards and Technology, to include vendor comments and has already completed a pilot with NVD.
Software vendors retain full editorial control over their statements, which are posted in real time on the NVD site and distributed via its feeds. As a result, they are directly accountable for their content.
Software vendors will often release a patch to cover multiple flaws in their software, but IT administrators and security software advisory companies often do not know which specific flaws apply to the patch, said Peter Mell, NVD project lead.
Software vendors will be able to provide security software companies that advise IT administrators with more precise information on which flaws are addressed with their patches. The vendors will also be able to provide workarounds via the NVD service if a patch is not yet available, Mell said, adding that vendors may also elaborate on any disputes of claims that their software has security flaws.