Page 1171 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

tests. Many penetration tests start with a vulnerability assessment.


Common Vulnerabilities and Exposures


Vulnerabilities are commonly referred to using the Common Vulnerabilities and Exposures (CVE) dictionary. The CVE dictionary provides a standard convention used to identify vulnerabilities. MITRE maintains the CVE database, and you can view it here: www.cve.mitre.org.




MITRE looks like an acronym, but it isn't. The founders do have a history as research engineers at the Massachusetts Institute of Technology (MIT), and the name reminds people of that history. However, MITRE is not a part of MIT. MITRE receives funding from the U.S. government to maintain the CVE database.



Patch management and vulnerability management tools commonly use the CVE dictionary as a standard when scanning for specific vulnerabilities. As an example, the WannaCry ransomware, mentioned earlier, took advantage of a vulnerability in unpatched Windows systems, and Microsoft released Microsoft Security Bulletin MS17-010 with updates to prevent the attack. The same vulnerability is identified as CVE-2017-0143.

The CVE database makes it easier for companies that create patch management and vulnerability management tools. They don't have to expend any resources to manage the naming and definition of vulnerabilities but can instead focus on methods used to check systems for the vulnerabilities.
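The following is an added example, not code from the study guide, showing why a shared identifier matters to tool makers: two scanners that describe the same flaw with different titles can still be correlated, and tied to the vendor bulletin that fixes it, purely through the CVE ID. The scanner findings, tool names and host names are constructed for the example; the only pairing taken from the text above is MS17-010 with CVE-2017-0143.

```python
import re
from dataclasses import dataclass

# CVE identifiers take the form "CVE-" + four-digit year + sequence number.
# The sequence number is at least four digits and, since 2014, may be longer.
CVE_PATTERN = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def extract_cve_ids(text: str) -> list[str]:
    """Return the distinct CVE IDs found in free text, normalized to upper
    case, in order of first appearance."""
    seen: list[str] = []
    for match in CVE_PATTERN.finditer(text):
        cve_id = f"CVE-{match.group(1)}-{match.group(2)}"
        if cve_id not in seen:
            seen.append(cve_id)
    return seen


def is_valid_cve_id(cve_id: str) -> bool:
    """True if the whole string is a syntactically valid CVE identifier."""
    return CVE_PATTERN.fullmatch(cve_id) is not None


@dataclass
class Finding:
    """One result from a vulnerability scanner (constructed sample data)."""
    host: str
    tool: str
    title: str
    references: str  # free-text reference field, as scanners commonly emit


# Constructed sample findings: two tools report the same flaw under different
# titles, and a third finding carries no CVE reference at all.
SAMPLE_FINDINGS = [
    Finding("fileserver01", "scanner-a", "SMBv1 remote code execution",
            "See CVE-2017-0143, vendor bulletin MS17-010"),
    Finding("fileserver01", "scanner-b", "Missing Windows security update MS17-010",
            "cve-2017-0143"),
    Finding("web02", "scanner-a", "Example untracked finding",
            "no CVE assigned yet"),
]

# Constructed patch-management mapping: vendor bulletin -> CVE IDs it fixes.
# MS17-010 / CVE-2017-0143 is the pairing given in the text above.
VENDOR_BULLETINS = {
    "MS17-010": ["CVE-2017-0143"],
}


def correlate_by_cve(findings, bulletins):
    """Group findings by CVE ID and attach the vendor bulletin that fixes each.

    Returns (by_cve, untracked): by_cve maps a CVE ID to the affected hosts,
    the tools that reported it and the fixing bulletin (or None); untracked
    lists findings whose reference field names no CVE, which need manual
    triage because no standard identifier can be used to match them.
    """
    cve_to_bulletin = {cve: bulletin
                       for bulletin, cves in bulletins.items()
                       for cve in cves}
    by_cve: dict[str, dict] = {}
    untracked: list[Finding] = []
    for finding in findings:
        cve_ids = extract_cve_ids(finding.references)
        if not cve_ids:
            untracked.append(finding)
            continue
        for cve_id in cve_ids:
            entry = by_cve.setdefault(cve_id, {
                "hosts": set(),
                "tools": set(),
                "fix": cve_to_bulletin.get(cve_id),
            })
            entry["hosts"].add(finding.host)
            entry["tools"].add(finding.tool)
    return by_cve, untracked


if __name__ == "__main__":
    grouped, untracked = correlate_by_cve(SAMPLE_FINDINGS, VENDOR_BULLETINS)
    for cve_id, entry in grouped.items():
        print(cve_id, sorted(entry["hosts"]), sorted(entry["tools"]), entry["fix"])
    print("untracked findings:", [f.title for f in untracked])
```

The normalization step matters in practice: scanners differ in casing and in how they embed the ID in surrounding text, so comparing raw reference strings would miss matches that the CVE convention is meant to make trivial.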