Threat management means being aware of known vulnerabilities that may apply to your entities and technologies.
The National Vulnerability Database (NVD) tracks thousands of vulnerabilities, most identified by a unique CVE (Common Vulnerabilities and Exposures) number.
Not all vulnerabilities will apply to your organization. The NVD and other subscription feeds, such as VeriSign iDefense Labs, provide vulnerability definitions (VD). When a VD targets your entities or technologies, the system identifies a vulnerability instance (VI). VIs can be inferred (reported by a feed) or actual.
RiskVision works with vulnerability scanners, such as Qualys, that identify vulnerability instances. RiskVision can also create VIs on its own, based on VDs and the technologies catalog known as the Common Platform Enumeration (CPE). VIs are usually identified by CVE numbers. The same VI may be reported more than once for a given entity.
