IPA/ISEC:Vulnerabilities:JVN iPedia Upgraded to New Version

CWE-Compatibility Trial for Vulnerability Type Identification Launched
CWE (Common Weakness Enumeration)

September 10, 2008

Information-technology Promotion Agency, Japan (IPA, Chairman Koji Nishigaki) has upgraded JVN iPedia, the vulnerability countermeasure information database, to a new version. The upgrade includes improved search functionality in response to user feedback and a CWE-compatibility trial to strengthen international partnership. An introduction to CWE is also available on the IPA Web site.

JVN iPedia ( http://jvndb.jvn.jp/ ) was launched as the national vulnerability countermeasure information database on April 25, 2007, and has been providing vulnerability information on domestic and overseas software products used in Japan. Currently, a total of 5,299 vulnerabilities are stored in JVN iPedia, of which 61 were collected from domestic vendors, 512 through JVN(*1) and 4,726 through NVD(*2).

With this upgrade, JVN iPedia now supports CWE on a trial basis to strengthen international partnership, provides improved search functionality reflecting requests from user feedback, and enables better cross-referencing between the Japanese and English versions.

JVN iPedia has more than 100,000 accesses per month. IPA hopes that users will continue to use JVN iPedia as a useful source of vulnerability information.

1. CWE-Compatibility Trial for Vulnerability Type Identification

CWE (Common Weakness Enumeration) is a global standard that provides a common language to describe types of vulnerability, such as SQL injection, cross-site scripting and buffer overflow. MITRE(*3), with support from the U.S. government, led the effort and published version 1.0 of CWE on September 9, 2008(*4), after improving and expanding the draft specification in collaboration with more than 40 vendors and research entities.

To enhance the quality of JVN iPedia and strengthen international partnership, IPA is starting to publish a CWE-based vulnerability type with some of the JVN iPedia vulnerability countermeasure information. Users can search vulnerability information by CWE-ID, and software developers can use CWE as a means to understand and prevent vulnerabilities.

For more information on CWE, please refer to:
CWE Overview ( http://www.ipa.go.jp/security/english/vuln/CWE_en.html )

2. Improved Search Functionality

Keyword search now supports mixed use of upper-case and lower-case letters, and of one-byte and two-byte characters. For example, searching for “LINUX” and “Linux” returns the same results, making search easier and more convenient.

3. Better Cross-Referenceability between the Japanese and English Versions

The English version of JVN iPedia ( http://jvndb.jvn.jp/en/ ) was launched on May 21, 2008, to promote both domestic and overseas use of JVN iPedia vulnerability countermeasure information and strengthen international partnership.
Presently, a total of 371 vulnerabilities are stored in the English version, of which 60 were collected from domestic vendors and 311 through JVN.

To make it easier to move between corresponding vulnerability records in the Japanese and English versions, a link to the counterpart record has been added to each record as an element.

Footnotes

(*1) Japan Vulnerability Notes. A portal for vulnerability countermeasure information that provides information on vendor responses to discovered vulnerabilities and security support. Operated jointly by IPA and JPCERT/CC.
http://jvn.jp/en/

(*2) National Vulnerability Database. A vulnerability database run by NIST (National Institute of Standards and Technology).
http://nvd.nist.gov/

(*3) MITRE Corporation. A not-for-profit organization that provides information technology support and research and development to the U.S. government.
http://www.mitre.org/

(*4) For more information, please refer to "CWE Version 1.0 Now Available":
http://cwe.mitre.org/news/index.html#20080909a

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)