Exploit Report

Computer Security And Bug Information

What Is The NVD?

The NVD, or National Vulnerability Database, is a vehicle for housing software vulnerability data. The NVD is a repository of information that a function of United States government.

The NVD consists of numerous tools around the discovery and distribution of software flaws. These include: software feeds for sharing information, prevention checklists, and ways for measuring the impact of software exploits.

  • The NVD stores, distributes, and analyzes Common Vulnerabilities and Exposures (CVE).
  • CVE impact is measured using the Common Vulnerability Scoring System (CVSS).
  • Exploit/vulnerability types are categorized using Common Weakness Enumeration (CWE).
  • Applicability statements called Common Platform Enumeration (CPE)

What The NVD Isn’t

Importantly, the NVD does not engage in software security testing. The organization coordinates with third-party vendors, such as computer security researchers and computer security firms, in order to discus vulnerabilities and to ultimately catalog them.

NVD Background

The NVD is made possible through NIST, the National Institute of Standards and Technology, which is part of the United States Department of Commerce (DOC).

The practices of the NVD are outlined using the Security Content Automation Protocol (SCAP).

The larger program started in 1999 as the Internet Categorization of Attacks Toolkit (ICAT), as outlined in this October 1999 research paper.

While not specifically discussed, the functions of the NVD, SCAP, and other tools and governmental organizationals are covered in the US Code of Federal Regulations Title 6.

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles