From: CVE Announce List (cvemitre.org)
Date: Mon Dec 12 2005 - 15:31:32 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Welcome to the latest edition of the CVE-Announce e-newsletter. This
email newsletter is designed to bring recent news about CVE, such as new
versions, upcoming conferences, new Web site features, etc. right to
your emailbox. Common Vulnerabilities and Exposures (CVE) is the
standard for information security vulnerability names. CVE content
results from the collaborative efforts of the CVE Editorial Board, which
is comprised of leading representatives from the information security
community. Details on subscribing (and unsubscribing) to the email
newsletter are at the end. Please feel free to pass this newsletter on
to interested colleagues.

Comments: cvemitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/December 12, 2005
-------------------------------------------------------

Contents:

1. Feature Story
2. Latest Compatible Products/Services
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:

CVE Names Included in Consensus List of "Top Twenty" Internet Security
Threats

The recently updated Twenty Most Critical Internet Security
Vulnerabilities, a SANS/FBI consensus list of the most critical problem
areas in Internet security, was released on November 22, 2005 and
includes 241 CVE names. According to the SANS Web site, this latest
version of the Top Twenty "is a marked deviation from the previous
Top-20 lists. In addition to Windows and UNIX categories, we have also
included Cross-Platform Applications and Networking Products. The change
reflects the dynamic nature of the evolving threat landscape. Unlike the
previous Top-20 lists, this list is not "cumulative" in nature. We have
only listed critical vulnerabilities from the past year and a half or
so. If you have not patched your systems for a length of time, it is
highly recommended that you first patch the vulnerabilities listed in
the Top-20 2004 list."

Version 6.0 of the updated list includes CVE names with both entry and
candidate status to uniquely identify the vulnerabilities it describes.
This will help system administrators use CVE-compatible products and
services to help make their networks more secure.

SANS is a member of the CVE Editorial Board and its education and
training materials are listed on the CVE-Compatible Products and
Services page on the CVE Web site at http://cve.mitre.org/compatible/.

LINKS:

SANS Top Twenty - http://www.sans.org/top20/

CVE Web site - http://cve.mitre.org

-------------------------------------------------------------
LATEST COMPATIBLE PRODUCTS/SERVICES:

* SAINT Corporation declared that its network vulnerability assessment
   management console, SAINTmanager, is CVE-compatible.
   Three other SAINT products are also listed on the CVE-Compatible
   Products and Services page, all three of which--SAINT (Security
   Administrator's Integrated Network Tool), SAINTbox, and WebSAINT--are
   Officially CVE-Compatible.

* French Security Incident Response Team (FrSIRT) declared that its
   FrSIRT Security Advisories are CVE-compatible.

Find more information on these and other products at
http://cve.mitre.org/compatible/

-------------------------------------------------------------
ALSO IN THIS ISSUE:

* 842 CVE Names with Candidate Status Added to CVE List in November

* CVE Mentioned in Product Review in "SC Magazine"

* CVE Mentioned in Article about National Vulnerability Database on
   "SecurityFocus.com"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Christey, Information Security Technical Center.
Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE
and provides impartial technical guidance to the CVE Editorial Board on
all matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email
message and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listservlists.mitre.org.
To subscribe, send an email message to listservlists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2005, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cvemitre.org.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]