Chinese National Vulnerability Database

China National Vulnerability Database (CNNVD)
国家信息安全漏洞库
Agency overview
Formed	18 October 2009
Type	Cybersecurity Agency
Jurisdiction	Mainland China
Headquarters	Building 1, No. 8 Courtyard, Shangdi West Road, Haidian District, 100085 Beijing, China
Employees	Unknown
Annual budget	Unknown
Parent department	Ministry of State Security
Website	http://www.cnnvd.org.cn

The Chinese National Vulnerability Database (CNNVD) is the People's Republic of China's national vulnerability database. It is operated at https://www.cnvd.org.cn/ and operated by the China Information Technology Evaluation Center[1] and maintained by the Chinese Ministry of State Security (MSS).[2] As of September 28, 2020, the database has 117,454 vulnerabilities cataloged with the first entry dated January 1, 2010.[3]

Organisation

The organisation is operated by the China Technology Evaluation Center (CNITSEC), itself an office based out of the MSS, making the organisation closely linked to the Chinese intelligence apparatus.[4] The agency has been criticized as a trojan horse manipulated by Chinese intelligence in order to take advantage of vulnerabilities reported in order to wage cyberwarfare against foreign targets.

According to Boston based cybersecurity firm Recorded Future, the MSS evaluates all submitted vulnerabilities before releasing them in order to determine if they can be used for the purposes of cyber-espionage; according to researchers this was demonstrated through extensive backdating of vulnerabilities.[5]

China Information Technology Evaluation Center (CNITSEC)

According to its official website, CNNVD is operated by the China Information Technology Evaluation Center or CNITSEC for short whose purpose is: "analysis and information communication of security vulnerabilities of information technology products and systems; security risk assessment of information networks and important information systems of party and government organs; safety testing and evaluation of information technology products, systems and engineering construction; competency assessments and qualification reviews for information security services and professionals; theoretical research, technology research and development and the development of standards"[6]

References

"国家信息安全漏洞共享平台". www.cnvd.org.cn. Retrieved 2020-09-29.
Sass, Rami (2019-01-16). "Not all National Vulnerability Databases are created equal". IT Pro Portal. Retrieved 2019-06-03.
"国家信息安全漏洞共享平台". archive.vn. 2020-09-29. Archived from the original on 2020-09-29. Retrieved 2020-09-29.
"China's Ministry of State Security Likely Influences National Network Vulnerability Publications". www.recordedfuture.com. Retrieved 2022-08-14.
"China's national vulnerability database is merely a tool for its intelligence agencies". CyberScoop. 2018-03-09. Retrieved 2022-08-14.
"国家信息安全漏洞库". www.cnnvd.org.cn. Retrieved 2022-08-14.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "国家信息安全漏洞共享平台". www.cnvd.org.cn. Retrieved 2020-09-29.

[2] Sass, Rami (2019-01-16). "Not all National Vulnerability Databases are created equal". IT Pro Portal. Retrieved 2019-06-03.

[3] "国家信息安全漏洞共享平台". archive.vn. 2020-09-29. Archived from the original on 2020-09-29. Retrieved 2020-09-29.

[4] "China's Ministry of State Security Likely Influences National Network Vulnerability Publications". www.recordedfuture.com. Retrieved 2022-08-14.

[5] "China's national vulnerability database is merely a tool for its intelligence agencies". CyberScoop. 2018-03-09. Retrieved 2022-08-14.

[6] "国家信息安全漏洞库". www.cnnvd.org.cn. Retrieved 2022-08-14.