Computer security data has nine lives in ICAT metabase

Computer security data has nine lives in ICAT metabase

By Susan M. Menke

GCN Staff

The ICAT metabase recently set up by the National Institute of Standards and Technology's Computer Security Division lets users search for vulnerability data in a large number of online databases and patch sites.

ICAT is a searchable Web index rather than a database. The acronym doesn't stand for anything; images of cats and Catwoman appear on its home page at csrc.nist.gov/icat.

Users can search ICAT's information by vendor, product, version or keywords, narrowing the search with drop-down lists for operating system, device type, severity, consequences and so on.

Security nexus

ICAT indexes the online information provided by the Federal Computer Incident Response Capability, CERT Coordination Center advisories, the X-Force bulletins of Internet Security Systems Inc. of Atlanta, the www.SecurityFocus.com Web site, the security mail lists of Bugtraq.com and NTBugtraq.com, and other security resources.

ICAT follows the vulnerability naming standards used in the Common Vulnerabilities and Exposures dictionary compiled last year by Mitre Corp. of Bedford, Mass., at cve.mitre.org [GCN, Nov. 8, 1999, Page 41].

ICAT also shows statistical tables of vulnerabilities by year, losses, equipment types, OSes and other criteria.

inside gcn

  • blockchain (Immersion Imagery/Shutterstock.com)

    DARPA eyes 'less-explored avenues' of blockchain

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above