"New Vulnerability Database Catalogs Cloud Security Issues"

Because of the lack of a Common Vulnerability Enumeration (CVE) program, such as the one maintained by MITRE for publicly disclosed software security issues, organizations have traditionally struggled to track vulnerabilities in public cloud platforms and services. Therefore, a new community-based database has been launched to begin addressing that issue by providing a central repository of information about known cloud service provider security issues and the steps organizations can take to mitigate them. The database, cloudvulndb.org, was created by Wiz security researchers who have long argued for the need of a public list of vulnerabilities in systems and services used by companies like AWS, Microsoft, and Google. About 70 cloud security flaws and vulnerabilities, which the security researcher Scott Piper had previously assembled in a GitHub document titled "Cloud Service Provider security blunders," are already listed in the database. Anyone can suggest new issues to include on the website or brand-new solutions to problems already present. The objective is to compile a list of problems that a cloud service provider may have already solved. The centralized database enables businesses to review all previous security concerns with their cloud service provider at any time and determine whether the required corrective measures have been taken. The vulnerability database website currently does not have a mechanism in place to alert users immediately whenever new security flaws are added to it. One of the people responsible for maintaining the new database explains that the plan is to include an RSS feed or mailing list for that reason. This article continues to discuss the new community website for reporting and tracking security issues in cloud platforms and services.

Dark Reading reports "New Vulnerability Database Catalogs Cloud Security Issues"