vulnerability-management-resources
A collection of resources related to vulnerability management. (by nickpieper)
SSVC
Stakeholder-Specific Vulnerability Categorization (by CERTCC)
vulnerability-management-resources | SSVC | |
---|---|---|
2 | 1 | |
10 | 106 | |
- | 2.8% | |
2.6 | 9.2 | |
9 months ago | 11 days ago | |
Python | ||
- | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vulnerability-management-resources
Posts with mentions or reviews of vulnerability-management-resources.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-19.
-
Catalog of zero-day vulnerabilities
Microsoft lists zero-day vulnerabilities their patches will fix each Patch Tuesday, but tracking down other zero-days doesn’t seem as easy. I’ve looked at the resources listed here but none seem to explicitly notate and filter for zero-days. The Tenable plugins search doesn’t allow filtering of zero-days, either. I could set up a news search or Twitter search each day, but if there’s one resource out there somewhere that keeps track of them all, that’d be extremely helpful.
-
zero-day exploit notifications
For other vulnerability related resources check: https://github.com/nickpieper/vuln-management-resources
SSVC
Posts with mentions or reviews of SSVC.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-12.
-
How useful is CVSS Score in CVE triage - The CVSS who cried wolf
so on this point i disagree with the author. depending on what you want to do, two methodologies i've used in the past have worked well for me: - EPSS - exploit predictability scoring system. how likely is this to be exploited? for many a key metric in patching prioritization - SSVC - stakeholder specific vulnerability categorization, comes to one of four outcomes for patching - immediately, emergency window, next scheduled window, or whenever. gets to how severe an impact would be on the business as a whole.
What are some alternatives?
When comparing vulnerability-management-resources and SSVC you can also consider the following projects:
GVM-Docker - Greenbone Vulnerability Management Docker Image with OpenVAS
cve-scanner-testing - Vulnerable Docker images created in different ways to check Docker image CVE scanners
cve - Gather and update all available and newest CVEs with their PoC.
ThreatMapper - Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.