The IT Law Wiki

Definition[]

A vulnerability database is a collection of searchable information on vulnerabilities that affect information systems.

Overview[]

Many of these databases are publicly accessible via the Web. These websites are generally run by third parties not affiliated with software vendors, and can provide a wealth of information to system administrators and security professionals. They strive to cover most operating systems and software applications. Because they are not affiliated with software vendors, they often provide information that the vendor, or other organizations affiliated with the vendor, does not provide.

Vulnerability databases tend to be the quickest to report new vulnerabilities, which is both a benefit and a disadvantage. The provision of timely information on vulnerabilities can be critical to the success of a system administrator in securing a network.

Database information[]

Although the quantity and quality of information vary to some degree from site to site, vulnerability databases typically include the following types of information:

Overall, vulnerability databases are one of the most powerful resources available. Even if other sources are principally relied upon for vulnerability information, the general news and discussions provided on the vulnerability database sites can prove invaluable.

Source[]