Computer security data has nine lives in ICAT metabase

Computer security data has nine lives in ICAT metabase

By Susan M. Menke

GCN Staff

The ICAT metabase recently set up by the National Institute of Standards and Technology's Computer Security Division lets users search for vulnerability data in a large number of online databases and patch sites.

ICAT is a searchable Web index rather than a database. The acronym doesn't stand for anything; images of cats and Catwoman appear on its home page at

Users can search ICAT's information by vendor, product, version or keywords, narrowing the search with drop-down lists for operating system, device type, severity, consequences and so on.

Security nexus

ICAT indexes the online information provided by the Federal Computer Incident Response Capability, CERT Coordination Center advisories, the X-Force bulletins of Internet Security Systems Inc. of Atlanta, the Web site, the security mail lists of and, and other security resources.

ICAT follows the vulnerability naming standards used in the Common Vulnerabilities and Exposures dictionary compiled last year by Mitre Corp. of Bedford, Mass., at [GCN, Nov. 8, 1999, Page 41].

ICAT also shows statistical tables of vulnerabilities by year, losses, equipment types, OSes and other criteria.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.