> CVE IDs. They are available out of Nessus. The CVE db is
> supported by MANY vendors. The CVE db has lots of resources.
> Check cve.mitre.org.
Yes, CVE is quite good and is in fact, the glue that
can be used to put all databases together.
>
> People _are_ making an effort to standardize plugin IDs,
> and it is happening. You just have to know where to look.
>
However, there is a problem of vendors and databases
not being updated, for example, when candidates (CAN-XXX)
become CVE references. Also, some advisories/plugins are
written before there even is a CVE reference.
My target is trying to, even if there are no CVE
references, link similar vulnerabilities. This can be done
(and Nessus improved with information available at public databases
or compared to other vendor's) but needs quite a lot of work.
Best regards
Javi
