There has been a lot of discussion recently about which list of network vulnerabilities is the most up-to-date and definitive. We’ve decided to list the industry-standard network vulnerability lists. The order of the list does not imply any ranking:
National Vulnerability Database Version 2.2 (http://nvd.nist.gov/): The U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
The Common Vulnerabilities and Exposures (http://www.cve.mitre.org/): Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.
SANS (Sys Admin, Audit, Network, Security) Top 20 (www.sans.org/top20):
The Critical Security Controls effort focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on “What Works” – security controls where products, processes, architectures and services are in use that have demonstrated real-world effectiveness.
United States Computer Emergency Readiness Team (CERT) Vulnerability Notes Database (www.kb.cert.org/vuls/):
The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.