Common Vulnerabilities and Exposures (CVE)

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system and in the US National Vulnerability Database. To find the vulnerability history of an application and the impact of those vulnerabilities on the system, the CVE database provides information about each vulnerability and its impact, using the CVSS scoring system. The links below provide more information on CVE fields and on searching for vulnerabilities in CVE databases.


Repository:

Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics by HyunChul Joh and Yashwant K. Malaiya

Defining-predicting-CVSS.pdf

An Attack Surface Metric by Pratyusa K. Manadhata

Attack-Surface-Metric.pdf