SGT Private RallyPoint Member 1478028

I'm trying to figure out how these numbers are populated and what's important to know about the cvedetails.com website.

https://www.hackread.com/apples-os-x-most-vulnerable-software-of-2015/

Link preview: Surprise, Apple’s OS X comes out as most vulnerable software of 2015. In a study conducted by CVE Details, the most vulnerable software of the previous year has been identified as Apple’s OS X and the tech-giant is also the c

What should an InfoSec newbie learn about CVE (Common Vulnerabilities and Exposures)?
2016-04-25T17:08:21-04:00

SSG Derek Scheller 1478033

What they are and what information they provide. Also, you should know where to find them and how they can be exploited.

Response by SSG Derek Scheller made Apr 25 at 2016 5:10 PM 2016-04-25T17:10:19-04:00

COL Jim Kohlmann 1478427

Here's a link to some key info on CVEs: https://cve.mitre.org/about/faqs.html

Things I pay attention to: start with current year vulnerabilities. There is a good chance the owner has worked to remediate or mitigate earlier issues (but not always).
Look at the higher score first (i.e. 10 vs 4.8). Then see what it affects. Then check the DISA STIG site to see if there are STIGs that address the vulnerability. If not, then ask the manufacturer what they are going to do about the vulnerability - and use the CVE number in that correspondence.

Link preview: CVE - Frequently Asked Questions (https://cve.mitre.org/about/faqs.html). Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Response by COL Jim Kohlmann made Apr 25 at 2016 9:05 PM 2016-04-25T21:05:42-04:00
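
The triage order described in the response above, as an added example that is not part of the original thread: newest year first, then highest score, limited to what you actually run, with older CVEs ordered later rather than dropped. The CVE identifiers, product names, inventory and the hand-maintained set of STIG-covered CVEs are constructed placeholders and assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cve:
    cve_id: str    # "CVE-<year>-<sequence>"; placeholders here, not real entries
    score: float   # CVSS base score, 0.0 to 10.0
    product: str   # affected product name

def year_of(cve_id):
    """Return the year field of a CVE identifier (CVE-YYYY-...)."""
    parts = cve_id.split("-")
    if len(parts) < 3 or parts[0] != "CVE" or not parts[1].isdigit():
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(parts[1])

def triage(records, inventory, stig_covered):
    """Order CVEs affecting our inventory and pick the next action for each."""
    relevant = [r for r in records if r.product in inventory]
    # Newest year first, then highest score. Older entries stay in the list
    # because earlier issues are not always remediated.
    relevant.sort(key=lambda r: (-year_of(r.cve_id), -r.score))
    plan = []
    for r in relevant:
        action = "apply STIG" if r.cve_id in stig_covered else "ask vendor"
        plan.append((r.cve_id, r.score, r.product, action))
    return plan

def vendor_inquiries(plan):
    """One line per uncovered CVE, quoting the CVE number for the vendor."""
    return [f"{cve_id} (score {score}): what is the fix or mitigation for {product}?"
            for cve_id, score, product, action in plan if action == "ask vendor"]

# Constructed sample data (assumptions, not taken from any real feed).
RECORDS = [
    Cve("CVE-2015-PLACEHOLDER-A", 10.0, "ExampleOS"),
    Cve("CVE-2016-PLACEHOLDER-B", 4.8, "ExampleOS"),
    Cve("CVE-2016-PLACEHOLDER-C", 10.0, "ExampleBrowser"),
    Cve("CVE-2016-PLACEHOLDER-D", 9.3, "NotInstalledApp"),
]
INVENTORY = {"ExampleOS", "ExampleBrowser"}
STIG_COVERED = {"CVE-2016-PLACEHOLDER-C"}  # filled in by hand after checking STIGs

if __name__ == "__main__":
    plan = triage(RECORDS, INVENTORY, STIG_COVERED)
    for row in plan:
        print(row)
    for line in vendor_inquiries(plan):
        print(line)
```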