The Greenbone Security Manager product line follows standards in various areas.
Common Vulnerabilities and Exposures
(Documented vulnerabilities in IT systems)Most of the vulnerability tests of the Greenbone Security Feed have a relationship to one or more CVE entries. These are directly available in scan reports as cross references.
All of the CVE data are, daily updated, available in the user interface for further research. Additionally, these are used in combination with CPE data from the asset management to provide vulnerability prognosis.
Common Product Enumeration
(Unified naming scheme of products tosupport identification of vulnerabilities)
The product detection routines of the Greenbone Security Feed associate, if possible, a CPE code. These data get available in the scan report as well as in the asset management.
Greenbone actively contributes to the CPE database. This database is available in the user interface for further research and daily updated.
Common Vulnerability Scoring System
(Unified scheme to describe the severity of security issues)
Any vulnerability test of the Greenbone Security Feed has been assigned with a CVSS value. This allows unified analysis, comparison and selection regarding severity in scan reports.
Open Vulnerability and Assessment Language
(Community-Developed Language for Determining Vulnerability and Configuration Issues on Computer Systems)
The OVAL data allow detailed insight in how a vulnerability is tested for. It is also possible to run external OVAL scanners with these data.