Three organizations have teamed up to create a standard database of wireless threats: Every industry now seems to have its own threats database, and there are good reasons to standardize on names, behavior, and vendor responses. CERT started over 17 years ago to help assess Internet vulnerabilities; with years of wireless attacks in the wild, the Wireless Vulnerabilities and Exploits (WVE) site is overdue.
Network Chemistry, a wireless network security firm, is one of three sponsors, along with training and certification firm CWNP and the Center for Advanced Defense Studies. The editorial board includes highly credible members. The site may have soft-launched earlier, but the formal press release went out today.
One of the points of the WVE, like similar codifications of threats, is that a discrete number assigned to a particular exploit or vulnerability means that it can be referred to across the literature without duplication. This makes it easier for vendors and open-source projects alike to check off specific known problems from their lists, and for certification processes that involve reducing risk to have a testbed as well.
For instance, if I want to talk about weak initialization vectors (IVs), a flaw that made the broken WEP encryption standard even more broken than it was, I'd write about WVE-2005-0021. One flaw in the organization of the site is that you can't append a WVE number to the site's URL to reach an entry, as you should be able to; instead, the numbers in the database are arbitrary and don't match the WVE numbers.