The CEDS database, which contains information on organizations’ cybersecurity risk, has become increasingly popular in recent years as cybersecurity companies scramble to stay ahead of cyberattacks and cybercriminals.
Now, Axios has learned that some of the most valuable cybersecurity risk data in the database is available to anyone with access to the database.
Researchers from the security consulting firm Trend Micro have discovered that a large portion of the CEDHR database is missing information about the vulnerability it is designed to help companies detect.
This data is critical to the security of the database, researchers said.
The problem stems from an issue that researchers identified during an internal investigation into the database’s design: The database is not properly organized, according to a report released Monday by Trend Micro.
The database contains a vast amount of information on cybersecurity threats, from attacks to ransomware, and is used by the companies that own it.
It’s vital for companies to know the types of threats that they’re facing, and how they might be mitigated, researchers wrote.
Trend Micro discovered that some information in the CMDIR database had been moved from the ChedDHL database to the National Vulnerability Database (NVD), a database of more than 100,000 security vulnerabilities.
This information was missing from the database because the CmdIR database is owned by the United States Department of Homeland Security, according to the report.
Researchers identified the problem during a second internal investigation.
The NVD database contains information about cybersecurity risks in the United Kingdom, the United Arab Emirates, France, Germany, Russia, China, and the United Nations.
It contains information related to vulnerabilities and vulnerabilities mitigated by known and novel vulnerabilities, according to Trend Micro, which first reported the missing information.
The NVD also contains data about how the data is collected and used.
Researchers said the NVD data is also missing information on what kind of information is collected from companies, such as how often the information is updated.
Researchers also said that some organizations were using CMDIRT data in ways that violated federal and state data privacy laws.
For example, one company was using CmdIRT data for its internal reporting, according to a report by Axios.
Trend Micro also noted that the CIEDHR database contains data that could be useful for security researchers to work with, but the information could also be used by criminals.
For this reason, it’s important to use the data to determine whether companies are protecting their customers and to assess whether security changes are necessary, the report said.