From:	 Peter Mell <peter.mell@nist.gov>
To:	 bugtraq@securityfocus.com
Subject: NIST Gives Away Vulnerability Database
Date:	 Sat, 14 Jul 2001 09:44:18 -0400

NIST Gives Away Vulnerability Database

The NIST Computer Security Division's ICAT project team is now giving away 
copies of the ICAT vulnerability database for public use 
(http://icat.nist.gov). The database currently contains 2628 
vulnerabilities. This means that ICAT can now be used as a royalty free 
vulnerability database for commercial and free products. In addition, the 
ICAT data file contains a GUI interface allowing people to use ICAT as an 
off-line application. The ICAT team supports the public sharing of 
vulnerability information that can help secure systems and we are excited 
about releasing control of our data.

The ICAT vulnerability data is available as a Microsoft Access 2000 file in 
the "download" section of the ICAT web site. From this file, the data can 
be easily exported into most database products. It should be noted that 
ICAT is not itself a true vulnerability database but is instead a 
searchable index of vulnerability information. Only when the ICAT data is 
combined with the numerous vulnerability advisories that it references can 
ICAT be used as a vulnerability database. Thus, the most important data in 
ICAT is the mapping of CVE standard vulnerability enumerations 
(http://cve.mitre.org) to hyperlinks leading to various vendor and security 
company advisories. Another important data set in ICAT is the list of 
vendor names, product names, and version numbers associated with each 
vulnerability.

Peter Mell
National Institute of Standards and Technology