Cybersecurity Vulnerabilities Database


There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit them!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20 days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NVD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)
