# Security terms

Here are some of the common security terms used within the tool:

### **Common Vulnerability Enumeration (CVE)** <a href="#whatiscommonvulnerabilityenumeration-cve" id="whatiscommonvulnerabilityenumeration-cve"></a>

A vulnerability published in the open database maintained by NVD, with an assigned identifier known as a CVE ID. Examples include Heartbleed (CVE-2014-0160) and Shellshock (CVE-2014-6271).

{% embed url="https://www.youtube.com/watch?v=nwsFEuCXyxI" %}

### **Common Vulnerability Scoring System (CVSS)** <a href="#whatiscommonvulnerabilityscoringsystem-cvss" id="whatiscommonvulnerabilityscoringsystem-cvss"></a>

An open framework for describing the severity of vulnerabilities, where each vulnerability is given a score between 0 and 10, with 10 being critical.

{% embed url="https://www.youtube.com/watch?v=SYio0CH6-Mo" %}

### **Common Weakness Enumeration (CWE)** <a href="#whatuscommonweaknessenumeration-cwe" id="whatuscommonweaknessenumeration-cwe"></a>

This is a weakness, either in software or in hardware, that may be exploited in a specific system. The CWE list is a tree hierarchy with different levels of abstraction. An example of a CWE tree chain, from high to low abstraction, may look like:

"Improper Restriction of Operations within the Bounds of a Memory Buffer" (CWE-119) -> "Buffer Copy without Checking Size of Input" (CWE-120) -> "Stack-based Buffer Overflow" (CWE-121).

{% embed url="https://www.youtube.com/watch?v=GJNaEpv3Ok0" %}

### **Common Platform Enumeration (CPE)** <a href="#whatiscommonplatformenumeration-cpe" id="whatiscommonplatformenumeration-cpe"></a>

This is a naming scheme for IT systems, software, and packages. An example of a CPE string for the React framework, version 16, is:

`cpe:2.3:a:facebook:react:16.0.0:*:*:*:*:*:*:*`

{% embed url="https://www.youtube.com/watch?v=Pfn74NDTs78" %}
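To make the CPE format concrete, here is an added example (not part of this documentation or the tool's own code) that parses a CPE 2.3 string such as the React one above into its named attributes and checks whether a wildcard pattern covers it. It keeps backslash escapes intact, since an escaped `\*` is a literal asterisk and must not be confused with the `*` (ANY) wildcard; the matching rule is deliberately simplified to "ANY covers everything, otherwise exact match".

```python
from typing import Dict, List

# Attribute names of a CPE 2.3 formatted string, in order, after the "cpe:2.3" prefix.
CPE_ATTRIBUTES = ["part", "vendor", "product", "version", "update", "edition",
                  "language", "sw_edition", "target_sw", "target_hw", "other"]


def split_cpe(cpe: str) -> List[str]:
    """Split on unescaped colons. A backslash escapes the next character, so
    an escaped colon or asterisk stays inside its field (escape kept as-is)."""
    fields, buf, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            buf.append(cpe[i:i + 2])  # keep the escape sequence intact
            i += 2
            continue
        if ch == ":":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    fields.append("".join(buf))
    return fields


def parse_cpe(cpe: str) -> Dict[str, str]:
    """Return the 11 attributes of a CPE 2.3 string; reject anything else."""
    fields = split_cpe(cpe)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_ATTRIBUTES, fields[2:]))


def attr_matches(pattern: str, value: str) -> bool:
    """'*' (ANY) covers every value; '-' (NA) and literals must match exactly
    (case-insensitively). Simplified: a '*' in the target is not treated specially."""
    return pattern == "*" or pattern.lower() == value.lower()


def cpe_matches(pattern: str, target: str) -> bool:
    """True when every attribute of `pattern` covers the same attribute of `target`,
    e.g. a vulnerability's affected-product pattern against an installed package."""
    p, t = parse_cpe(pattern), parse_cpe(target)
    return all(attr_matches(p[a], t[a]) for a in CPE_ATTRIBUTES)


if __name__ == "__main__":
    react = "cpe:2.3:a:facebook:react:16.0.0:*:*:*:*:*:*:*"   # the string from this page
    print(parse_cpe(react)["version"], cpe_matches("cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*", react))
```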

### **Node Package Manager (npm)** <a href="#whatisthe-nodepackagemanager-npm" id="whatisthe-nodepackagemanager-npm"></a>

A package manager for JavaScript consisting of a command line client **npm**, along with an online database of packages known as the **npm registry**. npm handles local dependencies, as well as global JavaScript tools. As of 2023, npm has joined forces with GitHub.

### **National Vulnerability Database (NVD)** <a href="#whatisthe-nationalvulnerabilitydatabase-nvd" id="whatisthe-nationalvulnerabilitydatabase-nvd"></a>

An open vulnerability database managed by the U.S. government. The information it displays aggregates multiple sources, together with a severity score using CVSS, the type of vulnerability as a CWE, and the affected products as CPEs.

### Understanding security vulnerabilities - video series

Have a look at the online course, which gives you an overview of security vulnerabilities and related topics. In this series, you will learn about:

* Different types of security vulnerabilities
* How to identify and mitigate them
* Common attacks and how to protect your team from them

Whether you are a beginner, an experienced developer, or a security professional, this series is designed to help you enhance your knowledge of open-source security and keep your code secure.

[**Check it out**](https://www.youtube.com/playlist?list=PLZQ5U-W8XnxMCnOWqBccsShZJxz8kV53h), improve your skills and stay ahead in the fast-changing world of technology.
