The Qualys KnowledgeBase is the largest and most up-to-date vulnerability signature database in the security industry referenced to the CVE standard. The Qualys Vulnerability Research team provides daily updates to the Qualys KnowledgeBase at an average of 25 vulnerability signature updates per week. Information on new vulnerabilities and remedies is collected through internal research, commercial relationships and online sources.
Vulnerabilities That Count
The Qualys KnowledgeBase includes more than 25,000 vulnerability signatures. Forty-five percent of the vulnerabilities tracked are designated the highest level of severity by their vendors in terms of potential destruction, complexity, and liability to customers' networks. Attacks that exploit vulnerabilities at these levels allow intruders to easily gain control of the host, which may lead to compromising the security of the entire network.
The Qualys Vulnerability Research team independently verifies the vendor-prescribed fix for each vulnerability before posting it in the Qualys KnowledgeBase. In addition to confirming that the vendor fix does correct the vulnerability, this testing also verifies that the fix does not harm the system or undo another previously implemented security fix.
Signature Updates & Alerts
As new threats emerge every day, Qualys continuously updates the vulnerability KnowledgeBase and all the Internet and Intranet Scanners to ensure that scans are performed with the latest vulnerability checks. The Qualys KnowledgeBase incorporates vulnerability signatures on the same day the vulnerability goes public, including an advisory to customers in the case of severe vulnerabilities.
Accuracy and Reliability
A unique benefit of the Qualys Web services platform is the ability to test every signature in the KnowledgeBase nightly build to ensure consistent accuracy and quality. The result of this regular testing is a false positive rate of less than 0.003%.
Qualys references the vulnerabilities in the Qualys KnowledgeBase to the CVE (Common Vulnerabilities and Exposures) standard, an index of publicly known information security vulnerabilities. The CVE index is the product of the collaborative efforts of the CVE Editorial Board, which is composed of leading representatives from the information security community, and is maintained by the MITRE Corporation (http://www.cve.mitre.org).