National Vulnerability Database (NVD)
Overview
- The NVD is a U.S. government repository of standards-based vulnerability management data.
- The data comes from analysis of common vulnerabilities and exposures (CVE) records that have been published to the CVE dictionary.
- There are currently over 183,000 CVE records of data available for threat trending and analysis.
- This data source is extremely valuable because each record in the NVD database has been analyzed to specific government standards of quality and completeness. Searches can be customized to focus on electronic payment assets.
- The data includes security checklist references, security-related software flaws, misconfigurations, product names and impact metrics pertinent to the electronic payment industry and beyond.
Collection Strategy:
- The National Vulnerability Database (NVD) data was collected using a customized API and Python script.
- The application Postman was used to generate a client API call and dump the response in JSON format:
  - This approach was taken to test the API call and determine if the data received was relevant before creating an automated method of data collection.
- A customized Python script was created to automate the API call and convert the JSON response into a CSV file for analysis:
  - The script was created so that the API could be called programmatically each day to collect the data set and store it in an AWS S3 bucket.
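
The JSON-to-CSV step described above, as an added example (not the script used for this collection). It assumes the response layout of the NVD CVE API 2.0; the column names, the function names `flatten` and `to_csv`, and the two sample records are constructed for illustration.

```python
import csv
import io
import json

# Constructed sample shaped like an NVD CVE API 2.0 response (not real records).
SAMPLE = json.loads("""
{"totalResults": 2, "vulnerabilities": [
  {"cve": {"id": "CVE-0000-0001", "published": "2022-03-01T10:15:00.000",
    "descriptions": [{"lang": "es", "value": "Ejemplo"},
                     {"lang": "en", "value": "Constructed example, with a comma"}],
    "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8,
                                                "baseSeverity": "CRITICAL"}}]}}},
  {"cve": {"id": "CVE-0000-0002", "published": "1988-10-01T04:00:00.000",
    "descriptions": [{"lang": "en", "value": "Old record without CVSS data"}],
    "metrics": {}}}
]}
""")

# Assumed column set; the page does not list the fields that were kept.
FIELDS = ["cve_id", "published", "cvss_version", "base_score", "severity", "description"]

def flatten(item):
    """Turn one nested 'vulnerabilities' entry into a flat CSV row."""
    cve = item["cve"]
    row = dict.fromkeys(FIELDS, "")
    row["cve_id"] = cve["id"]
    row["published"] = cve.get("published", "")
    # Prefer the English description; records can carry several languages.
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            row["description"] = d.get("value", "")
            break
    # Use the newest CVSS version present; older records may have none.
    metrics = cve.get("metrics", {})
    for key, version in (("cvssMetricV31", "3.1"), ("cvssMetricV30", "3.0"), ("cvssMetricV2", "2.0")):
        if metrics.get(key):
            entry = metrics[key][0]
            data = entry.get("cvssData", {})
            row["cvss_version"] = version
            row["base_score"] = data.get("baseScore", "")
            # v2 stores severity beside cvssData rather than inside it.
            row["severity"] = data.get("baseSeverity") or entry.get("baseSeverity", "")
            break
    return row

def to_csv(response):
    """Serialize every record in an API response to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(flatten(v) for v in response.get("vulnerabilities", []))
    return out.getvalue()
```

Records without any CVSS entry keep empty score columns instead of being dropped, so the CSV row count stays equal to the number of records collected.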
Summary Statistics:
- Records Collected: ~183,300
- Coverage Dates: October 1988 - March 2022