As we've discussed, the ugly truth about vulnerabilities is that every system has them! Every single one. Worse: Each of these vulnerabilities has the capacity to destroy your privacy efforts all on its own!

And we're not just talking about a couple of vulnerability issues here and there. Think thousands upon thousands, with more being discovered every day. Our goal is to identify the ones applicable to our environment and deal with them. To do that, we'll need a list.

So off we go searching for vulnerabilities listings. It should be no surprise that one of the first entries that comes up is NIST's National Vulnerability Database (NVD). At the time of this writing, the NVD contained the following information:

• CVE Vulnerabilities: 143,438;
• Checklists: 513;
• US-CERT Alerts: 249;
• US-CERT Vuln Notes: 4,487;
• OVAL Queries: 10,286; and
• CPE Names: 500,344.

What do all these things mean?

• CVE stands for “Common Vulnerabilities and Exposures.” It is a list of entries that contain an ID number, vulnerability description, and appropriate references for everyone to use.
• US-CERT is the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.
• OVAL stands for “Open Vulnerability and Assessment Language” and it is an international effort to help standardize how to assess and report on the state of computer systems.
• And CPE stands for “Common Platform Enumeration.” ...