Useful Links
This page contains interesting and useful links.
Vulnerability Matrix
- The Ernst and Young vulnerability service
This is the Ernst and Young eSecurityOnline.com Demonstration
Online Vulnerability Service. It's a demo version only. A
free
version using the same database (as far as we can tell)
is available, but it only contains the vulnerabilities and
won't let you work with risk information.
- Common Vulnerabilities Exposure
This is a MITRE-organized effort to build a common naming mechanism for
vulnerabilities. It contains the CVE database as well as information about
the effort.
- Security Focus (aka Bugtraq)
This has the data from Bugtraq in both raw and database form.
It's a good starting
point for searches. It also has the annoying habit of sending lots of
cookies, so either turn off your accepting them, or turn off the warning
you get when a cookie arrives. (Personal peeve; Elias is a good guy, and
the cookies are not related to invading privacy as far as I know. But that
darned warning is so annoying!)
- ISS X-Force
This is the ISS X-Force database. It is the collection that ISS
products handle, and is another good starting point.
- System and Network Vulnerabilities
This is a list of several vulnerabilities that the ISS package finds.
Weinberg's Second Law: If builders built buildings the way
programmers wrote programs, then the first woodpecker to come
along would destroy civilization.
Matt Bishop
Department of Computer Science
3059 Engineering Unit II
phone: +1 (530) 752-8060
fax: +1 (530) 752-4767
email: bishop@cs.ucdavis.edu
Last modified on June 21, 2000.