From the course: Creative Problem Solving for Technologists

Smaller scoping

- [Instructor] I want to share two lessons from CVE, a security standard that I helped to create in the late '90s. CVE stands for Common Vulnerabilities and Exposures. It was introduced to the world at a small workshop on vulnerability databases, and the name reflects an aspiration to help manage vulnerabilities and exposures. An exposure is something like "fingerd is running and allows information disclosure." So here's the thing. CVE doesn't contain very many exposures at all. It turns out they're controversial. We had a very long conversation before approving CVE-1999-0612. There are other things CVE doesn't contain, like CVSS scores or references to security standards. That's by design. Another group, the National Vulnerability Database, adds those to their database. That's a design feature. We talked about CVE as a way to cross-reference between other things. Talking about CVE, I like the term concordance more…
