The SecInfo management provides centralized access to a wide range of information technology (IT) security information including the following categories:
Vulnerability Tests (VT)
VTs test the target system for potential vulnerabilities.
Common Vulnerabilities and Exposures (CVE)
CVEs are vulnerabilities published by vendors and security researchers.
Common Platform Enumeration (CPE)
CPE offers standardized names for products used in IT.
Open Vulnerability and Assessment Language (OVAL) Definitions
OVAL offers a standardized language for testing vulnerabilities. OVAL definitions use this language to discover vulnerabilities.
CERT-Bund Advisories
CERT-Bund Advisories are published by the CERT-Bund, the Computer Emergency Response Team of the German Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI). The main task of the CERT-Bund is the operation of a warning and information service that publishes information on new vulnerabilities and security risks as well as threats to IT systems.
DFN-CERT Advisories
DFN-CERT advisories are published by the DFN-CERT, the Computer Emergency Response Team of the German National Research and Education Network (German: Deutsches Forschungsnetz, abbreviated as DFN).
VTs are test routines used by the blësk NSM. VTs are updated from the security feed database, which is itself updated regularly. VTs include information about development date, affected systems, the impact of vulnerabilities and remediation.
List Page
All existing VTs can be displayed by selecting SecInfo > NVTs in the menu bar.
For all VTs the following information is displayed:
Name
Name of the VT.
Family
Family of VTs to which the VT belongs.
Created
Date and time of creation.
Modified
Date and time of last modification.
CVE
CVE that is checked for using the VT.
Severity
The severity of the vulnerability is displayed as a bar to support the analysis of the results.
In the past, various organizations discovered and reported vulnerabilities at the same time and assigned them different names. This led to different scanners reporting the same vulnerability under different names, which made communication and comparison of the results complicated.
To address this, MITRE founded the Common Vulnerabilities and Exposures (CVE) project. Every vulnerability is assigned a unique identifier consisting of the release year and a simple number. This identifier serves as a central reference.
The CVE database of MITRE is not a vulnerability database. CVE was developed to connect vulnerability databases and other systems with each other, enabling the comparison of security tools and services.
Note: There is always a delay of 1 – 2 working days between the vulnerability analysis/severity assessment and the time the updated information is displayed in the SecInfo.
The Common Platform Enumeration (CPE) is modelled after CVE. It is a structured naming scheme for applications, operating systems and hardware devices.
The CPE was initiated by MITRE and is maintained by NIST as a part of the NVD. NIST has already maintained the official CPE dictionary and the CPE specifications for many years. CPE is based on the generic syntax of the Uniform Resource Identifier (URI).
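The following added example (not part of the original page and not blësk NSM code) parses CPE names in the CPE 2.2 URI form `cpe:/part:vendor:product:version:update:edition:language` and uses the CPE 2.2 rule that an empty component matches anything to find inventory hosts covered by an advisory's CPE. The host names, product versions and helper names are constructed for illustration.

```python
# Added example: parse and match CPE 2.2 URI names (illustrative helper names).
from urllib.parse import unquote

# The part letter selects one of the three classes the text names.
PARTS = {"a": "application", "o": "operating system", "h": "hardware"}
FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")


def parse_cpe_uri(name):
    """Split a CPE 2.2 URI such as cpe:/a:vendor:product:version into fields."""
    if not name.lower().startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % name)
    raw = name[5:].split(":")
    if len(raw) > len(FIELDS):
        raise ValueError("too many components: %r" % name)
    # Trailing components may be omitted; an empty component means "any".
    raw += [""] * (len(FIELDS) - len(raw))
    # Components are percent-encoded and compared case-insensitively.
    cpe = {f: unquote(v).lower() for f, v in zip(FIELDS, raw)}
    if cpe["part"] and cpe["part"] not in PARTS:
        raise ValueError("unknown part %r in %r" % (cpe["part"], name))
    return cpe


def matches(pattern, target):
    """True if every component set in `pattern` equals that of `target`."""
    p, t = parse_cpe_uri(pattern), parse_cpe_uri(target)
    return all(p[f] in ("", t[f]) for f in FIELDS)


def affected_hosts(advisory_cpe, inventory):
    """Return the hosts whose detected CPEs fall under an advisory's CPE."""
    return sorted(h for h, names in inventory.items()
                  if any(matches(advisory_cpe, n) for n in names))


# Constructed sample inventory: host name -> CPEs detected on that host.
INVENTORY = {
    "web01": ["cpe:/o:debian:debian_linux:11", "cpe:/a:apache:http_server:2.4.57"],
    "web02": ["cpe:/a:apache:http_server:2.4.58"],
    "sw01": ["cpe:/h:cisco:catalyst_2960"],
}

if __name__ == "__main__":
    print(parse_cpe_uri("cpe:/a:apache:http_server:2.4.57"))
    print(affected_hosts("cpe:/a:apache:http_server", INVENTORY))
```

The matcher compares components for equality only; it does not order version strings, so a range such as "all versions before X" has to be expanded into explicit names first.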
The Open Vulnerability and Assessment Language (OVAL) is a MITRE project and is maintained by the Center for Internet Security (CIS).
OVAL is a language to describe vulnerabilities, configuration settings (compliance), patches and applications (inventory).
The XML-based definitions allow simple processing by automated systems and describe the discovery of individual systems and vulnerabilities.
The CERT-Bund, the Computer Emergency Response Team of the German Federal Office for Information Security (BSI), is the central point of contact for preventive and reactive measures regarding security-related computer incidents.
With the intention of avoiding harm and limiting potential damage, the work of CERT-Bund includes the following:
While the individual VTs, CVEs, CPEs and OVAL definitions are created primarily to be processed by computer systems, the DFN-CERT publishes new advisories regularly.
The DFN-CERT is responsible for hundreds of universities and research institutions that are associated with the German Research and Education Network (German: Deutsches Forschungsnetz, abbreviated as DFN). Additionally, it provides key security services to government and industry.
An advisory describes especially critical security risks that require a fast reaction. The DFN-CERT advisory service includes the categorization, distribution and rating of advisories issued by different software vendors and distributors. Advisories are obtained by the blësk NSM and stored in the database for reference.