Vulnerabilities Checklists Product Dictionary Impact Metrics Data Feeds Statistics
Home SCAP SCAP Validated Tools SCAP Events About Contact Vendor Comments
Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status

NVD contains:

40611 CVE Vulnerabilities
129Checklists
191 US-CERT Alerts
2369 US-CERT Vuln Notes
2517OVAL Queries

Last updated:  02/09/10

CVE Publication rate:

11 vulnerabilities / day
Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 5.87
About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Third Annual Security Automation Conference Presentations

Below is a list of presentations from the 2007 Security Automation Conference. A list of presentations from the 2006 conference can be found here: http://nvd.nist.gov/scapconf.cfm

Day 1 Presentations
Presenter(s)Presentation
Margaret Myers - Principal Director, Deputy Assistant DoD Delivering the Power of Information
Tim Grance - Manager, Systems and Network Security Group - NIST SCAP Progress Report
Richard Hale - Chief Information Assurance Officer - DISA DISA Initiatives in Automating STIG Compliance
Sherrill Nicely - Deputy Associate Director - DNI Security Framework Convergence
John Streufert - Chief Information Security Officer - State Department Correlating Security Data Using SCAP Standards
Matt Barrett - Computer Security Division - NIST Federal Desktop Core Configuration
David Karmol - Standards Services Division - NIST NIST’s Standards Advisor for Iraq at Embassy Baghdad
Josh Shaul - Application Security, Inc. Securing Databases With an SCAP Compatible Toolset

Day 2 Presentations
Presenter(s)Presentation
Matt Barrett - Computer Security Division - NIST SCAP and Federal Desktop Core Configuration
Ron Ross - Computer Security Division - NIST FISMA Implementation
Tony Sager - Chief, Vulnerability Analysis & Operations Group - NSA Creating Value from Vulnerability
Peter Mell - National Vulnerability Database Program Manager - NIST SCAP Certification Testing
John Banghart - Booz Allen Hamilton SCAP Compliance Program
Kent Landfield - McAfee SCAP Initiatives - Our Opportunity To Excel
Sol Cates - SignaCert SCAP Methods – Present and Future
David Wilson - Xacta Xacta IA Manager - Automating Compliance for Security Operations
Ron Gula - CTO Tenable Network Security Agentless Configuration Auditing with Nessus
Clint Kreitner - The Center for Internet Security CIS Update

SCAP Workshop Presentations
Presenter(s)Presentation
Matt Barrett - NIST SCAP Nuts-n-Bolts
Matthew Wojcik - MITRE Enumerations: CVE, CCE, & CPE
Karen Scarfone - NIST CVSS V2 Tutorial
Jon Baker - MITRE Introduction to OVAL
Jon Baker - MITRE OVAL Definition Tutorial
Jon Baker - MITRE OVAL System Characteristics Tutorial
Jon Baker - MITRE OVAL Results Tutorial
Jon Baker - MITRE Intorduction to CRF

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing