Common Vulnerabilities and Exposures (CVE) is a standard that defines a common identification and dictionary for computer and information security vulnerabilities. The Mitre Corporation, whose Web site is http://cve.mitre.org, hosts and maintains the CVE standard.
The National Vulnerability Database (NVD) publishes the vulnerability summaries that provide detailed information for most known computer and information security vulnerabilities. These vulnerability summaries can be accessed using the CVE identifier (IDs) for a given vulnerability.
CCS lets you import the CVE 2.0 list and store them in the database. CCS also provides the CVE IDs, which the SCAP or OVAL content references in the evaluation result details of the SCAP or OVAL content. The evaluation result details provide link to the NVD vulnerability summaries for the CVE IDs. You can also use the Search option of the SCAP Evaluation Result Details dialog box to search the CVE IDs in the generated evaluation results.
CCS uses CVE standard in the following manner:
Imports the CVE list independent of the SCAP data stream.