Your IAM Toolset: the NVD Database

Being in technical field it seems the TLAs (Three Letter Acronyms) and FLAs (Four Letter Acronyms) abound. But at times knowing about a few of them may provide key information we can all use to protect our customers.

Such is the case with the NVD (National Vulnerability Database).

First off, the NVD is hosted on the NIST.gov site. This database contains information about software or programming that can either create or leave open vulnerabilities. For example, if you type IDM on the search bar, 57 entries come back. These include vulnerabilities in IDM apps including Novell and Sun IdM (btw, I only picked these two as they are on the first set of returned entries). If you open one of these vulnerabilities the NVD has information on what causes it, what damages it could do and most improtantly, how to remediate it.

You can search by product or vendor name to narrow in on the entries that might be of concern. Some of the newer ones have just been reported and might not have a solution yet. Of course you can check with support at the company whose software has a concern.

So I’d recommend taking a few minutes to explore this database and the information that is available and add this site to your IDM toolset.