How are vulnerabilities numbered CVE/CAN/BugTraq/cncve/cnvd/cnnvd?

In some articles and reports, we often mention the vulnerability numbers starting with CVE such as the security vulnerability CVE-1999-1046. This article introduces the common vulnerability ID Representation Methods:

1. Starting with CVE, such as CVE-1999-1046

CVE public vulnerabilities and exposures are Common Vulnerabilities & exposures. CVE is like a dictionary table that provides a public name for widely recognized information security vulnerabilities or vulnerabilities exposed. Using a common name can help users share data with vulnerability assessment tools in their independent vulnerability databases, even though these tools are difficult to integrate. This makes CVE a "keyword" for security information sharing ". Suppose a vulnerability specified in a vulnerability report has a CVE name, And you can quickly find the fix information in any other CVE-compatible database to solve security problems.

2. Start with CAN, such as can-2000-0626

The only difference between "can" and "CVE" is that the former represents a candidate entry, which is not approved by the CVE Editorial Board, and the latter is an accepted entry. Then, the two types of entries are visible to the public, and the number of entries does not change with the approval-but the prefix "can" is replaced with "CVE ".

3. BugTraq

BugTraq is a complete list of emails for moderate disclosure of computer security vulnerabilities (what they are, how they are used, and how they are fixed)

4, starting with cncve, such as CNCVE-20000629

Cncve is the CVE of China (CN). It is a standard used by cncert/CC (National Computer Network Emergency Response Coordination Center) to identify vulnerabilities, under the leadership of the National Computer Network Emergency Response Coordination Center (cncert/CC), China is establishing its own CVE organization. The purpose of cncve is to build a CVE organization with Chinese characteristics that can serve the majority of users in China. CVE does not describe the main features of vulnerabilities and name vulnerabilities in a unified manner. Cncve not only uniformly defines the descriptions of vulnerabilities, but also includes vulnerability patches, verification, and other measures for convenience and practicality.

5, with cnvd, such as CNVD-2014-0282

Cnvd is a national information security vulnerability sharing platform. It is a national computer network emergency technical Handling Coordination Center (cncert) information Security Vulnerability Information Sharing knowledge base established with important information system units, basic telecom operators, network security vendors, software vendors, and Internet companies in China. The vulnerability number rule is cnvd-XXXX-XXXXX.

6. Start with cnnvd, such as CNNVD-201404-530

Cnnvd is the national information security vulnerability library in China. The vulnerability number rule is cnnvd-xxxxxx-xxx. To effectively perform vulnerability analysis and risk assessment, the China Information Security Review center is responsible for building a national information security vulnerability library for O & M and providing basic services for information security assurance in China.

Entrance Exam link http://blog.csdn.net/minitoy/article/details/6602000

How are vulnerabilities numbered CVE/CAN/BugTraq/cncve/cnvd/cnnvd?