Japan Vulnerability Notes / What is JVN?

About JVN

What is JVN?

JVN stands for "the Japan Vulnerability Notes." It is a vulnerability information portal site designed to help ensure Internet security by providing vulnerability information and their solutions for software products used in Japan. JVN is operated jointly by the JPCERT Coordination Center and the Information-technology Promotion Agency (IPA).

What information is available on the JVN website?

JVN provides the description, solutions, and product developers' statements on each vulnerability.

A vulnerability is a security problem that may lead to loss of or decrease in functions or performance of software due to attacks such as computer viruses and unauthorized access to computers.Vulnerability information is a description about a vulnerability, including test and exploit methods.

JVN is a vulnerability knowledge-base assisting system administrators and software and other products developers enhance security for their products and customers.

Product developers' statements on vulnerabilities include information on affected products, workarounds, and solutions (e.g., updates and patches).

JVN and the Information Security Early Warning Partnership

In Japan, JPCERT/CC and IPA have been working with product developers and vulnerability discoverers under the Information Security Early Warning Partnership since July 2004 in order to collect vulnerability information and establish its secure distribution.

When the vulnerability information is reported to IPA, it is passed to JPCERT/CC. JPCERT/CC specifies the affected software products and coordinates with developers. When solutions for vulnerability such as patches or software updates are available for users, the vulnerability details with developers' statements are published on JVN.

JVN also publishes Technical Cyber Security Alerts and Vulnerability Notes issued by US CERT/CC (http://www.cert.org/) and Vulnerability Advice issued by UK CPNI (http://www.cpni.gov.uk/), both of which JPCERT/CC has cooperative relationships with.

JVN also independently collects vulnerability information about products that is available to the public, makes necessary coordination with product developers, and publishes the information on the JVN.

History of JVN

February 2003
The JVN working group was established, and the JVN trial website was opened. JVN contents were maintained by Doi and Takada laboratory, Keio University, with the support of JPCERT/CC, Internet Initiative Japan, Inc. (IIJ), and (former) Internet Security Systems K.K.
July 2004
The Information Security Early Warning Partnership was established. Joint operation of JVN by IPA and JPCERT/CC started.
April 2007
Website design was renewed to provide more information such as Description and Vulnerability Analysis by JPCERT/CC.
May 2008
The JVN website in English launched.