  1. #1
    Member kautilya
    Join Date
    Aug 2004
    Posts
    36

    vulnerabilities db

    Hi,

    I want to know in what format vulnerability information is available and from which sources. Some consultant advised me to buy a service from TruSecure, who send feeds with vulnerability information; however, that appears to be a costly solution. What are the alternatives and how do they compare to commercial solutions? If I can get the info from a non-profit group in real time, I want to write a small alert tool on my own.

    Thanks,
    Rich.

  2. #2
    In And Above Man Black Cluster
    Join Date
    Feb 2005
    Posts
    912
    I am sorry, but I am not sure what you are trying to say... Sorry for being ignorant...
    Do you mean, who can offer you a vulnerability assessment for databases free of charge??? {Thread title: vulnerability db. db is usually referred to as short for Databases}...

    Please be more specific about what you want to assess...

    Cheers
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  3. #3
    Senior Member whatthe
    Join Date
    Mar 2004
    Posts
    510
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  4. #4
    Member kautilya
    Join Date
    Aug 2004
    Posts
    36
    I am looking for vulnerability information (such as Bugtraq) linked in the above list. However, I am looking at the following:

    I need to develop a small program that will pull data from online vulnerability databases like bugtraq and do some processing such as sending alert e-mails to my administrators. Say that I get all vulnerabilities information in a CSV file or XML file, then I can parse and do the next steps in an automated way.

    Thanks,
    Rich.

  5. #5
    Member kautilya
    Join Date
    Aug 2004
    Posts
    36
    ??

  6. #6
    In And Above Man Black Cluster
    Join Date
    Feb 2005
    Posts
    912
    I guess that you need to have a look at:

    http://www.securityfocus.com/archive/1

    They offer a very cool RSS XML feed ....

    Does this help?????

    Cheers

  7. #7
    Member kautilya
    Join Date
    Aug 2004
    Posts
    36
    Yes and No

    In the RSS feed, we only get a single line of text and a link to the original article. I am unable to get structured vulnerability information.

    Secondly, this is not real time.

  8. #8
    oldie ric-o
    Join Date
    Nov 2002
    Posts
    487
    kautilya:

    Welcome to AO! I use multiple sources to do what you are talking about:

    * Use a commercial alert service. I use Symantec's Deep Sight Alert Service and it is great but is expensive: it lists at $4,900 a year, I paid about $4,100. It's a great service as it saves so much time on the analysis and alerting of vulnerabilities. They provide risk numbers - see below for info on what they are based on.

    * ThreatFocus is another commercial alert service and they are less expensive than Symantec's from what I heard, but I haven't tried it. http://www.threatfocus.com

    * Visit websites such as The Internet Storm Center (excellent! http://isc.incidents.org), Security Tracker (http://www.securitytracker.com), Secunia (http://secunia.com).

    I suppose you could devise a script to parse these websites but it would seem like a hell of a lot of work to develop something that provides you with good data. Filtering nightmare I would imagine.

    One thing to keep in mind: just because a vulnerability is announced by someone does not necessarily mean an exploit is out yet. Yeah, I know the time between vuln announce and exploit is shrinking down to practically hours now...that doesn't mean a workable exploit has been made into a worm or virus or is being used.

    And quite frankly...the more I think about it...if you really have a need to know IMMEDIATELY when a vulnerability has been announced...then you are protecting something so important that you should have $5,000 to spend on a commercial service. Either that or dedicate someone to watch the security boards...and that will cost you more than $5K.

    Just my 2 pennies.

    Symantec Deep Sight Alert Service

    Urgency Rating
    This rates the urgency of the vulnerability on a scale of 0 (low) to 10 (high). It implies the priority you should place on fixing or mitigating the vulnerability. It is based on the weighted values of Severity, Ease, and Credibility.
    ■ Severity = 65%
    ■ Ease = 20%
    ■ Credibility = 15%
    Note: Credibility is based on a scale of 1 to 6. In order for Credibility to comprise 15% of Urgency, the Credibility value must be multiplied by 1.667 which makes the credibility scale consistent with other ratings based on a scale of 0 (low) to 10 (high).

    Severity
    This rates how severe a vulnerability is on a scale of 0 (low) to 10 (high). It is based on the weighted values of Impact, Availability, Authentication, and Remote fields.
    ■ Impact = 55%
    ■ Availability = 10%
    ■ Authentication = 10%
    ■ Remote = 25%

    Impact
    This field rates the impact of a vulnerability on a scale of 0 (low) to 10 (high). The numerical value is determined with a formula based on the value of the security properties lost, the privilege obtained, and the objects affected. Impact consists of three security properties that can be lost:
    ■ Availability (A) - A vulnerability that results in a denial of service
    ■ Confidentiality (C) - A vulnerability that results in the disclosure of otherwise protected data
    ■ Integrity (I) - A vulnerability that results in the modification of otherwise protected data
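
The Urgency and Severity weightings quoted in the last post, applied to the kind of alert tool asked about in this thread. This is an added example, not part of any post and not Symantec's code. The feed layout, the attribute names, the 0-10 scale for every rating other than Credibility, the 7.0 threshold and the recipient address are assumptions.

```python
import xml.etree.ElementTree as ET
from email.message import EmailMessage

# Constructed sample feed; element and attribute names are assumptions.
SAMPLE_FEED = """<vulns>
  <vuln id="EXAMPLE-1" title="Remote overflow in example httpd" impact="10"
        availability="10" authentication="10" remote="10" ease="8" credibility="6"/>
  <vuln id="EXAMPLE-2" title="Local info leak in example tool" impact="3"
        availability="5" authentication="0" remote="0" ease="4" credibility="2"/>
  <vuln id="EXAMPLE-3" title="Record with out-of-range rating" impact="42"
        availability="5" authentication="0" remote="0" ease="4" credibility="2"/>
</vulns>"""

# Credibility is 1-6 (rescaled by 1.667, as quoted); 0-10 for the rest is assumed.
RANGES = {"impact": (0, 10), "availability": (0, 10), "authentication": (0, 10),
          "remote": (0, 10), "ease": (0, 10), "credibility": (1, 6)}

def severity(v):
    return (0.55 * v["impact"] + 0.10 * v["availability"]
            + 0.10 * v["authentication"] + 0.25 * v["remote"])

def urgency(v):
    return 0.65 * severity(v) + 0.20 * v["ease"] + 0.15 * (v["credibility"] * 1.667)

def parse_feed(xml_text):
    """Return (records, rejected_ids); missing or out-of-range ratings are rejected."""
    records, rejected = [], []
    for el in ET.fromstring(xml_text).iter("vuln"):
        try:
            rec = {k: float(el.attrib[k]) for k in RANGES}
        except (KeyError, ValueError):
            rec = None
        if rec and all(lo <= rec[k] <= hi for k, (lo, hi) in RANGES.items()):
            rec.update(id=el.get("id"), title=el.get("title"))
            records.append(rec)
        else:
            rejected.append(el.get("id"))
    return records, rejected

def build_alerts(xml_text, threshold=7.0, to_addr="admins@example.com"):
    """Build (not send) one e-mail per record at or above the urgency threshold."""
    alerts = []
    for rec in parse_feed(xml_text)[0]:
        if (score := urgency(rec)) >= threshold:
            msg = EmailMessage()
            msg["To"] = to_addr
            msg["Subject"] = f"[urgency {score:.1f}] {rec['id']}: {rec['title']}"
            msg.set_content(f"Severity {severity(rec):.1f}, urgency {score:.1f}")
            alerts.append(msg)
    return alerts
```

For a feed fetched over the network, parse it with defusedxml rather than the standard-library parser, and pass the returned messages to smtplib to send them.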
