The QualysGuard® KnowledgeBase is the largest and most up-to-date vulnerability signature database in the security industry according to CVE standards. The Qualys® Vulnerability Research Team provides daily updates to the QualysGuard KnowledgeBase at an average of 25 vulnerability signature updates per week. The discovery of new vulnerabilities and remedies are collected through internal research, commercial relationships and online sources.
Knowledgebase at a Glance
Vulnerabilities That Count
QualysGuard KnowledgeBase includes more than 11,000+ vulnerability signatures. Forty-five percent of the vulnerabilities tracked are designated the highest level of severity by their vendors in terms of potential destruction, complexity, and liability to customers' networks. Attacks that exploit vulnerabilities at these levels allow intruders to easily gain control of the host, which may lead to compromising security of the entire network.
Signature Updates & Alerts
As new threats emerge everyday, Qualys continuously updates the vulnerability KnowledgeBase and all the Internet and Intranet Scanners to ensure that scans are performed with latest vulnerability checks. The QualysGuard KnowledgeBase incorporates vulnerability signatures on the same day the vulnerability goes public, including an advisory to customers in the case of severe vulnerabilities.
Qualys references the vulnerabilities in the QualysGuard KnowledgeBase to the CVE (Common Vulnerabilities and Exposures) standard, an index of publicly known information security vulnerabilities. The CVE index is the product of the collaborative efforts of the CVE Editorial Board, which is comprised of leading representatives from the information security community, and is maintained by the MITRE Corporation (http://www.cve.mitre.org)
Qualys Research independently verify the vendor-prescribed fix for each vulnerability before posting it in the QualysGuard KnowledgeBase. In addition to confirming that the vendor fix does correct the vulnerability, this testing also verifies that the fix does not harm the system or undo another previously implemented security fix.
Accuracy and Reliability
A unique benefit of the QualysGuard Web services platform is the ability to test every signature in the KnowledgeBase nightly to ensure consistent accuracy and quality. The result of this regular testing is a false positive rate of less than 0.003%. Read how Qualys Technical Support manages false-positives.