1

I was learning about CVE and went through this :

... if you own a security tool whose reports contain references to CVE IDs, you may then access fix information in a separate database that is compatible with CVE ...

source: https://cve.mitre.org/about/faqs.html#public_use

I can't understand what that database related thing in that statement. I was thinking if CVE is itself vulnerabilities database but this is said to be not

Can anyone also help me understand better on that and explain:

Isn't CVE just another vulnerability database?

No. CVE is not a vulnerability database. CVE is designed to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and services

source: https://cve.mitre.org/about/faqs.html#is_cve_another_vulnerability_database

Tom K.
  • 7,965
  • 3
  • 30
  • 53
pravin poudel
  • 111
  • 2
  • If you are quoting something, please include a link so that we can understand. – schroeder May 27 '18 at 07:24
  • 1
    I'm not sure this is a security question, but more of a comprehension question. The "database related thing" is the ***fix*** database they mentioned as an example. As the FAQ explains, CVE is not a database, but a way to describe and reference vulnerabilities and exposures. – schroeder May 27 '18 at 07:35
  • i font understand you last line ccould you please explain it ... – pravin poudel May 27 '18 at 12:48
  • Possible duplicate of [Are CVE counts a good indicator of a software's security?](https://security.stackexchange.com/questions/147111/are-cve-counts-a-good-indicator-of-a-softwares-security). While the question might not be the same, the answer given by Arminius should also clear up your misunderstandings. – Tom K. Jun 05 '18 at 08:12

0 Answers0