CVE ==Common Vulnerabilities and Exposures== Common Vulnerability Scoring System (CVSS)
https://www.cve.org/ - official - Contain all CVE Details
Founded in 1999, MITRE Corporation, a U.S. Government-funded research and development company, developed the CVE, a uniform standard for reporting and tracking software security bugs.
CVE entries are brief. They don’t include technical data or information about risks, impacts, and fixes. Those details appear in other databases, including the U.S. National Vulnerability Database (NVD), the CERT/CC Vulnerability Notes Database, and various lists maintained by vendors and other organizations.
CVE identifiers (or CVE IDs) are assigned by a CVE Numbering Authority (CNA).
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
https://osv.dev/ ![[01_OSV_page.png]]