As I mentioned in Chapter 2, there is no terminological unity among specialists in the field of intrusion detection. This results in confusion and misunderstanding. To improve this situation and eliminate the confusion when naming attacks and vulnerabilities, the MITRE Corporation in 1999 suggested a solution independent of manufacturers of intrusion detection systems, security scanners, etc, [Mann1-99]. This solution was implemented in the form of the CVE database (Common Vulnerabilities and Exposures). This enabled developers to specify a single name for a vulnerability, universally understandable to all professionals.
Besides MITRE experts, specialists from many other companies and organizations have participated in the development of the CVE database. The list of participants includes ISS, Cisco, BindView, Axent, NFR, L-3, CyberSafe, CERT, Carnegie Mellon University, SANS, UC Davis Computer Security Lab, CERIAS, etc. At the moment of this writing, the CVE database contained descriptions of more than 2220 vulnerabilities.