tag:blogger.com,1999:blog-9341359.post112431277387533501..comments2023-05-27T18:02:18.442+02:00Comments on Lunatic Thought: National Vulnerability Database and how furtherRudolf van der Berghttp://www.blogger.com/profile/17977561124307072281noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-9341359.post-91918972253935694172008-11-05T01:20:00.000+01:002008-11-05T01:20:00.000+01:00Rudolph,I think you're right on, although its inte...Rudolph,<BR/><BR/>I think you're right on, although its interesting to see how the platform leaders (i.e. Microsoft in your scenario and Intel in mine) are only now recognizing the value of the NVD.<BR/><BR/>Intel, for instance, is working with ISV's to grow the market by offering them the "Intel Certified" badge; think 'Intel Inside' extended to business applications, which include placement on a global software marketplace, etc.<BR/><BR/>Where did they look to find the most accurate, relevant source of security vulnerabilities? The NVD.<BR/>To your point, Rudolph, the NVD software audit is free, which checks either ISV or internal application code for known vulnerabilities:<BR/><BR/>http://certification.intel.com/promo/inventory/steps<BR/><BR/>But to subscribe to the annual security notification service -- and get your application promoted through Intel -- well, that costs extra.<BR/><BR/>Still, Intel's endorsement is timely and to your point, realizes the NVD's potential.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9341359.post-1130911872150386732005-11-02T07:11:00.000+01:002005-11-02T07:11:00.000+01:00This comment has been removed by a blog administrator.Anonymousnoreply@blogger.com