Future of Global Vulnerability Reporting Summit Days: The Value of Global Vulnerability Reporting
Masato Terada, IT Security Center, IPA. November 13, 2012.
FIRST TC @ KYOTO, Kyoto 2012 FIRST Technical Colloquium, 13-15 November 2012

Contents:
- Vulnerability identifier
- Vulnerability identification
- Number of vulnerabilities
Vulnerability identifier. How many vulnerability identifiers are there in our cyberspace?

Databases:
- Regional/national vulnerability databases: NVD, JVN, CNVD etc.
- Non-government vulnerability databases: Secunia, SecurityFocus, OSVDB, Cisco Security Intelligence Operations, IBM ISS X-Force etc.
Vendor advisories: Microsoft, Oracle, Cisco, Adobe etc.
Vulnerability identifier: NVD (National Vulnerability Database), http://nvd.nist.gov/
- ID (4 + 4 digits): CVE-2012-1234
- Language: English
- CVE mapping: one-to-one
- URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1234

Vulnerability identifier: JVN (Japan Vulnerability Notes), http://jvn.jp/
- ID (8 digits): JVN#12345678
- Language: Japanese/English
- CVE mapping: one-to-one
- URL: http://jvn.jp/jp/JVN12345678

Vulnerability identifier: JVN iPedia, http://jvndb.jvn.jp/
- ID (4 + 6 digits): JVNDB-2012-123456
- Language: Japanese/English
- CVE mapping: one-to-one
- URL: http://jvndb.jvn.jp/jvndb/JVNDB-2012-123456

Vulnerability identifier: CNVD (China National Vulnerability Database), http://www.cnvd.org.cn/
- ID (4 + 5 digits): CNVD-2012-12345
- Language: Chinese
- CVE mapping: one-to-one
- URL: http://www.cnvd.org.cn/sites/main/preview/ldgg_preview.htm?tid=61059 (the URL is not derived from the CNVD ID)

Vulnerability identifier: Secunia, http://secunia.com/
- ID (5 digits): SA12345
- Language: English
- CVE mapping: one-to-many
- URL: http://secunia.com/advisories/12345

Vulnerability identifier: SecurityFocus, http://www.securityfocus.com/
- ID (variable digits): 12345 (aka bid12345); the current longest ID is 5 digits
- Language: English
- CVE mapping: one-to-many
- URL: http://www.securityfocus.com/bid/12345

Vulnerability identifier: OSVDB (The Open Source Vulnerability Database), http://osvdb.org/
- ID (variable digits): 12345; the current longest ID is 5 digits
- Language: English
- CVE mapping: one-to-many
- URL: http://osvdb.org/show/osvdb/12345

Vulnerability identifier: Cisco Security Intelligence Operations, http://tools.cisco.com/security/center/
- ID (5 digits): 12345
- Language: English
- CVE mapping: one-to-many
- URL: http://tools.cisco.com/security/center/viewAlert.x?alertId=12345

Vulnerability identifier: IBM ISS X-Force, http://xforce.iss.net/
- ID (short subject + variable digits): speak-freely-udp-bo (12345); the current longest numeric ID is 5 digits
- Language: English
- CVE mapping: one-to-many
- URL: http://xforce.iss.net/xforce/xfdb/12345
Vulnerability identification. How do we relate vulnerability information across these sources?

Currently we can use Common Vulnerabilities and Exposures (CVE), the most widely known vulnerability identification scheme. CVE is the single reference ID shared worldwide: every database listed above carries a CVE mapping, so CVE is the key on which their entries can be joined.
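As an added example (not part of the slides, and not IPA's or any listed database's code), here is a small Python tool that recognises the identifier syntaxes from the slides, canonicalises them, derives the 2012 lookup URLs the slides show, and then joins records from several databases on CVE. Bare numeric IDs (SecurityFocus, OSVDB, Cisco) are only accepted together with their source, because "12345" alone cannot be attributed. The CVE pattern also accepts the post-2014 syntax with five or more sequence digits, which the 2012 slides predate. Several of the 2012 hosts (Secunia, OSVDB, SecurityFocus, xforce.iss.net) are no longer live, so the URLs are illustrative. The sample records and every ID in them are constructed placeholders.

```python
import re
from collections import defaultdict

# One regex per identifier syntax listed on the slides. CVE is written the
# 2012 way (CVE-YYYY-NNNN); since 2014 the sequence part may be four or more
# digits, so the pattern accepts 4+. Bare numbers (SecurityFocus, OSVDB,
# Cisco) are accepted only with an explicit source: "12345" alone is ambiguous.
PREFIXED = {
    "CVE":     re.compile(r"^CVE-(\d{4})-(\d{4,})$", re.I),
    "JVN":     re.compile(r"^JVN#(\d{8})$", re.I),
    "JVNDB":   re.compile(r"^JVNDB-(\d{4})-(\d{6})$", re.I),
    "CNVD":    re.compile(r"^CNVD-(\d{4})-(\d{5})$", re.I),
    "Secunia": re.compile(r"^SA(\d{5})$", re.I),
    "BID":     re.compile(r"^bid(\d+)$", re.I),
    "X-Force": re.compile(r"^([a-z0-9-]+)\s*\((\d+)\)$", re.I),
}
BARE = {"BID", "OSVDB", "Cisco"}

# URL templates copied from the slides ({y} = year, {n} = number). The CNVD
# example URL on the slides is not derived from the CNVD ID, so it has none.
URLS = {
    "CVE":     "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-{y}-{n}",
    "JVN":     "http://jvn.jp/jp/JVN{n}",
    "JVNDB":   "http://jvndb.jvn.jp/jvndb/JVNDB-{y}-{n}",
    "Secunia": "http://secunia.com/advisories/{n}",
    "BID":     "http://www.securityfocus.com/bid/{n}",
    "OSVDB":   "http://osvdb.org/show/osvdb/{n}",
    "Cisco":   "http://tools.cisco.com/security/center/viewAlert.x?alertId={n}",
    "X-Force": "http://xforce.iss.net/xforce/xfdb/{n}",
}


def parse_id(text, source=None):
    """Return (scheme, canonical_id, url_or_None); raise ValueError otherwise."""
    s = text.strip()
    if s.isdigit():
        if source not in BARE:
            raise ValueError(f"bare number {s!r}: source must be one of {sorted(BARE)}")
        return source, s, URLS[source].format(n=s)
    for scheme, rx in PREFIXED.items():
        m = rx.match(s)
        if not m:
            continue
        g = m.groups()
        if scheme in ("CVE", "JVNDB", "CNVD"):
            canon = f"{scheme}-{g[0]}-{g[1]}"
            url = URLS[scheme].format(y=g[0], n=g[1]) if scheme != "CNVD" else None
        elif scheme == "JVN":
            canon, url = f"JVN#{g[0]}", URLS[scheme].format(n=g[0])
        elif scheme == "Secunia":
            canon, url = f"SA{g[0]}", URLS[scheme].format(n=g[0])
        elif scheme == "BID":
            canon, url = g[0], URLS[scheme].format(n=g[0])
        else:  # X-Force: "speak-freely-udp-bo (12345)", linked by the number
            canon, url = f"{g[0].lower()} ({g[1]})", URLS[scheme].format(n=g[1])
        return scheme, canon, url
    raise ValueError(f"unrecognised identifier {text!r}")


def cve_index(records):
    """Join records from different databases on CVE, the one shared key.

    records: iterable of (scheme, id, [cve, ...]) as each database publishes
    its cross-references. Returns {cve: {(scheme, id), ...}}.
    """
    idx = defaultdict(set)
    for scheme, ident, cves in records:
        for c in cves:
            idx[parse_id(c)[1]].add((scheme, ident))
    return dict(idx)


def mapping_cardinality(records):
    """'one-to-many' if any entry of a scheme cites more than one CVE, else 'one-to-one'."""
    result = {}
    for scheme, _ident, cves in records:
        if result.get(scheme) != "one-to-many":
            result[scheme] = "one-to-many" if len(cves) > 1 else "one-to-one"
    return result


# Constructed sample in the slides' syntaxes; the IDs are placeholders, not
# real database entries.
SAMPLE = [
    ("NVD",     "CVE-2012-1234",     ["CVE-2012-1234"]),
    ("JVN",     "JVN#12345678",      ["CVE-2012-1234"]),
    ("JVNDB",   "JVNDB-2012-123456", ["CVE-2012-1234"]),
    ("CNVD",    "CNVD-2012-12345",   ["CVE-2012-1234"]),
    ("Secunia", "SA12345",           ["CVE-2012-1234", "CVE-2012-1235"]),
    ("BID",     "12345",             ["CVE-2012-1235"]),
]

if __name__ == "__main__":
    for cve, refs in sorted(cve_index(SAMPLE).items()):
        print(cve, "->", sorted(refs))
    print(mapping_cardinality(SAMPLE))
```

The design point is the one the slides make: no scheme other than CVE is present in every database, so a correlation tool keys on the canonical CVE string and treats every other ID as an attribute of that key. A roll-up advisory (Secunia, BID) that cites several CVEs simply appears under each of them, which is what "one-to-many" means in practice.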
Number of vulnerabilities. How many vulnerabilities are there?

NVD (National Vulnerability Database), http://nvd.nist.gov/
[Chart: number of vulnerabilities per year, 1995-2012, NVD and CERT/CC series; y-axis 0 to 8,000. Total: 53,262.]

CNVD (China National Vulnerability Database), http://www.cnvd.org.cn/
[Chart: number of vulnerabilities per year, 1999-2012, CNVD; y-axis 0 to 7,000. Total: 39,796.]

Secunia, http://secunia.com/
- Average per year, 2006-10: 8,663
- Total, 2011: 9,132
Ending. Global Vulnerability Reporting will provide the best answer to these questions.