draf | SSVC |
---|---|
1 | 1 |
12 | 107 |
- | 3.7% |
5.0 | 9.2 |
2 months ago | 7 days ago |
Python | Python |
GNU Lesser General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How useful is CVSS Score in CVE triage - The CVSS who cried wolf
so on this point I disagree with the author. depending on what you want to do, two methodologies I've used in the past have worked well for me:
- EPSS - exploit predictability scoring system. how likely is this to be exploited? for many a key metric in patching prioritization
- SSVC - stakeholder specific vulnerability categorization, comes to one of four outcomes for patching - immediately, emergency window, next scheduled window, or whenever. gets to how severe an impact would be on the business as a whole.
What are some alternatives?
MLBox - MLBox is a powerful Automated Machine Learning python library.
GVM-Docker - Greenbone Vulnerability Management Docker Image with OpenVAS
pyomo - An object-oriented algebraic modeling language in Python for structured optimization problems.
cve-scanner-testing - Vulnerable Docker images created in different ways to check Docker image CVE scanners
Ray - Ray is a unified framework for scaling AI and Python applications. Ray consists of a core distributed runtime and a set of AI Libraries for accelerating ML workloads.
vulnerability-management-resources - A collection of resources related to vulnerability management.
BayesianOptimization - A Python implementation of global optimization with gaussian processes.
cve - Gather and update all available and newest CVEs with their PoC.
ThreatMapper - Open Source Cloud Native Application Protection Platform (CNAPP)