Deploying JP Vendor Status Notes (JVN) for Dissemination of Security Information Throughout Japan
2. Need for domestic venue for sharing vulnerabilities information: start of JVN
While security issues have intensified with the spread of the Internet, measures for dealing with vulnerabilities have also continued to improve. The Computer Emergency Response Team Coordination Center (CERT/CC) has been at the forefront of efforts to deal with security-related incidents in the U.S. since the latter half of the 1980s, issuing reports on vulnerability patches, collecting information on dealing with vulnerabilities, and maintaining a site where people can go to browse through vulnerability information reports. The CERT/CC site has become the first place corporate and organization systems operations people check to obtain a good overview of what patches are available and to find out what information the product vendors have released on how to deal with the vulnerabilities of their products. But the information put up on the CERT/CC site mainly relates to the domestic situation in the U.S. In Japan we have not had a comparable entity that collects security information pertaining to software products that are used in Japan. When Japanese users ran into problems, they had to search high and low for information that might help them resolve the problem from widely scattered sources: vendors who provide security-related information, software product developers, communities of users, individual users, and so on.
To improve upon this situation, the JVN: JPCERT/CC Vender Status Notes Database was launched in February 2003 with the backing and support of the JPCERT/CC. Designed specifically for information relating to vulnerabilities of software products used in Japan, the purpose of the database to provide a site to share the latest information about domestic software product vulnerabilities and to help users deal with software related problems. Information about vulnerabilities per se is already disseminated in the form of security hole(*1) reports that are put out by many organizations and vendors. The database greatly enhances the usefulness of this information by also including updated information and status reports from software product vendors on their latest efforts to deal with vulnerabilities. The primary purpose of the JVN database is to collect and disseminate this information.
* CERT is registered in the U.S. Patent and Trademark Office.
- *1
-
Security hole:
In computer security this refers to a vulnerability or weakness in a system that may result from a system design flaw or bug. If unresolved, such flaws leave a system vulnerable to attacks via the Internet that could compromise the integrity or confidentiality of the system.
