Why is the Common Vulnerabilities and Exposures (CVE) resource useful when investigating vulnerabilities detected by a penetration test?
- It is an international consolidation of cybersecurity tools and databases.
- It is a high level list of software weaknesses.
- It has three vulnerability score components.
- It is a dictionary of known attacks.
|
Explanation & Hint: Common Vulnerabilities and Exposures (CVE) was created in 1999 to consolidate cybersecurity tools and databases internationally. Common Weakness Enumeration (CWE) is a high-level list of software weaknesses. The Common Vulnerability Scoring System (CVSS) has three components: base, temporal, and environmental scores. Common Attack Pattern Enumeration and Classification (CAPEC) is a dictionary of known attacks seen in the real world.
|