Vulnerability Databases

A key to security is knowing which present and past vulnerabilities affect the hardware and software stack you use. Great open software and hardware companies take security seriously and publish known vulnerabilities, so the number of vulnerabilities you can find for a product is not related to its quality. You should distrust products that have no openly published vulnerabilities.

  • Vulnerability Notes Database: The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors.

  • National Vulnerability Database - US (aka NVD): The NVD, run by the US organization NIST, is one of the world's largest databases. You should hate it, but there are few alternatives that have the same reach. The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

  • CWE Vulnerability Databases: CWE (Common Weakness Enumeration - CWE™) is a community-developed list of common software and hardware security weaknesses. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts. Available at: http://cwe.mitre.org/