Red Hat is leading an initiative allowing software companies to brief users of a US government-backed security database on how far vulnerabilities affect their products. The Linux vendor has asked that companies can now comment on security holes listed by the National Vulnerability Database (NVD), in order to provide deeper analysis and explanation of the impact problems might have on their products.
The NVD houses data on 19,200 vulnerabilities going back eight years, and is sponsored by the Department of Homeland Security"s National Cyber Security Division. The database is managed by the National Institute of Standards and Technology. Red Hat is understood to have approached Novell, Hewlett-Packard, IBM and Mandriva to support its initiative, but only Mandriva has so far taken advantage of the service.