Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Task 1 Vulnerability RepositoriesIn this preliminary task, you get familiar with vulnerability repositories: CVE 1 ( referring to Common Vulnerabilities and Exposures ) and the
Task Vulnerability RepositoriesIn this preliminary task, you get familiar with vulnerability repositories: CVEreferring to Common Vulnerabilities and Exposures and the supporting CVESearch browsing utility. CVE industry standard is published by MITRE Corporation to assign an identifier to each discovered vulnerability and maintain apublicly accessible database of all identifiers. CVE Details website then categorizes the discovered vulnerabilities into a Web interface to CVE vulnerabilitydata ranked by their published time. MITRE Corporation also publishes CWEstandard Common Weakness Enumeration which lists software and hardwareweaknesses related to the discovered vulnerabilities.Task Explore each of the databases above to become familiar with theirgoals, structures, and with the information they provide. Then report the most recently reported security issues in CVE with a brief description of eachreported issue. Finally, write a onepage report discussing the various repositories, the kind of information they provide.Task Pick a random month from last year eg your birthday monthand see how many vulnerabilities were reported that month. Report how manythere were for the month, and calculate the average number of vulnerabilitiesreported per day. If you were a security professional, and spent on average minutes looking at each CVE entry to see if it applied to systems you manage,how much time per week would you spend reviewing CVEs?Task Look into some of these vulnerabilities you can just click randomlyon the CVEs in your chosen month to see how they are reported. Find a vulnerability that is associated with software or systems you may use and report onyour findings, then describe how the security goals Confidentiality, Availabilityand Integrity could be threatened based on the information reported in CVE entry and related CWE categories. Looking further into the information reported in CVE, explain how could automation help filtering out reports to reduce the amount of time you would need to spend reviewing CVEs that are relevant toyour chosen software or system.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started