Posted on Apr 25, 2016
SGT Writer
6.68K
5
10
1
1
0
I'm trying to figure out how these numbers are populated and what's important to know about the cvedetails.com website.

https://www.hackread.com/apples-os-x-most-vulnerable-software-of-2015/
Edited >1 y ago
Avatar feed
Responses: 2
COL Jim Kohlmann
1
1
0
Here's a link to some key info on CVEs https://cve.mitre.org/about/faqs.html
Things I pay attention to: start with current year vulnerabilities. There is a good chance the owner has worked to remediate or mitigate earlier issues (but not always). Look at the higher score first (i.e. 10 va 4.8). Then see what it it effects. Then check the DISA STIG site to see if there are STIGs that address the vulnerability. If not, then ask the manufacturer what they are going to do about the vulnerability - and use the CVE number in that correspondence.
(1)
Comment
(0)
SGT Writer
SGT (Join to see)
>1 y
COL Jim Kohlmann - Thanks for sharing, sir. Never heard of InfoSec Institute. I see their programs are paid. I plan to try to get Linux + from VCTP at Syracuse University and then I'll hopefully remember to check my bookmarks for this. My Sec + expired already, and I figured if I get Linux +/LPIC-1, I can advance in LPIC-2/3. Do you have any thoughts on this ?
(0)
Reply
(0)
COL Jim Kohlmann
COL Jim Kohlmann
>1 y
Lots of work In Linux, and advance certification there is great. However, those certs don't work for DoD 8570 - So if you want to work in DoD, get recertified. Long term, the higher paying job go with the tougher certs. I'd recommend shooting for a CISSP cert, which will qualify you for just about any Cybersecurity job. And while you are working on that, don't let any cert you have lapse!
(1)
Reply
(0)
SGT Writer
SGT (Join to see)
>1 y
COL Jim Kohlmann - I want to work with Linux. I don't care much about DoD, although I have considered working with Red Hat. And CISSP. . . I'll have to check that out again sometime. Thanks again.
(1)
Reply
(0)
COL Jim Kohlmann
COL Jim Kohlmann
>1 y
SGT (Join to see) - Sounds like you know what you want to do - that's half the battle. Good luck!
(0)
Reply
(0)
Avatar small
SSG Derek Scheller
0
0
0
What they are and what information they provide. Also, you should know where to find them and how they can be exploited.
(0)
Comment
(0)
SGT Writer
SGT (Join to see)
>1 y
The number of vulnerabilities. They're from the initial download, right? If you do hardening on the software, ie. linux kernel or any desktop OS, that can affect the total number, right ?
(0)
Reply
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close