NVD

Definition

The National Vulnerability Database (NVD) is a comprehensive repository of standardized information on software vulnerabilities. Managed by the National Institute of Standards and Technology (NIST), it provides a public database of security-related software flaws, including details such as severity scores, impact metrics, and remediation guidance. The NVD is widely used by security professionals to assess and manage vulnerabilities in software systems.

Secure Settings Example

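# Example of a secure configuration using a vulnerability scanner
vulnerability_scanner:
  enabled: true                    # scanning is active
  update_frequency: daily          # vulnerability data is refreshed every day
  scan_policies:
    - policy_name: "Critical and High Severity"
      severity_threshold: "high"   # act on findings rated high or above
      actions:
        - notify: "security-team@example.com"   # alerts reach the security team
        - auto_remediate: false    # fixes are reviewed before they are applied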
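
One way the "Critical and High Severity" policy above could be applied to NVD records, as an added example that is not from the original page or from any scanner product. The field names follow the NVD CVE API 2.0 JSON layout; the records, CVE ids and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of an NVD CVE API 2.0 response; the CVE ids
# and scores are placeholders, not real records.
SAMPLE = json.loads("""
{"vulnerabilities": [
 {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
   {"type": "Secondary", "cvssData": {"baseScore": 6.5, "baseSeverity": "MEDIUM"}},
   {"type": "Primary", "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
 {"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV2": [
   {"type": "Primary", "baseSeverity": "HIGH", "cvssData": {"baseScore": 7.5}}]}}},
 {"cve": {"id": "CVE-0000-0003", "metrics": {"cvssMetricV31": [
   {"type": "Primary", "cvssData": {"baseScore": 4.3, "baseSeverity": "MEDIUM"}}]}}},
 {"cve": {"id": "CVE-0000-0004", "metrics": {}}}
]}
""")

RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")

def severity(cve):
    """Return (severity, score) from the newest CVSS version present, or (None, None)."""
    for key in METRIC_KEYS:
        entries = cve.get("metrics", {}).get(key)
        if not entries:
            continue
        # Prefer the entry marked Primary over Secondary ones.
        m = next((e for e in entries if e.get("type") == "Primary"), entries[0])
        data = m.get("cvssData", {})
        # CVSS v2 entries carry baseSeverity beside cvssData, not inside it.
        sev = data.get("baseSeverity") or m.get("baseSeverity")
        return (sev.upper() if sev else None), data.get("baseScore")
    return None, None

def triage(feed, threshold="high"):
    """Split records into (id, severity, score) to notify on and ids with no score."""
    notify, unscored = [], []
    for item in feed.get("vulnerabilities", []):
        sev, score = severity(item["cve"])
        if sev is None:
            unscored.append(item["cve"]["id"])  # no CVSS yet: review by hand, do not drop
        elif RANK.get(sev, 0) >= RANK[threshold.upper()]:
            notify.append((item["cve"]["id"], sev, score))
    return sorted(notify, key=lambda r: -(r[2] or 0)), unscored

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Records with no CVSS metrics are returned separately so that a severity filter does not silently hide them.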

Insecure Settings Example

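# Example of an insecure configuration with a vulnerability scanner
vulnerability_scanner:
  enabled: false                   # scanning is switched off, so nothing is detected
  update_frequency: monthly        # vulnerability data can be up to a month out of date
  scan_policies:
    - policy_name: "Default"
      severity_threshold: "low"
      actions:
        - notify: "admin@example.com"   # alerts go to a general admin address
        - auto_remediate: true     # fixes are applied automatically, without review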