Prioritize Known Exploited Vulnerabilites
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
June 21, 2024
The software industry is faced with managing large numbers of software weaknesses (commonly identified by static-scanning tools using CWE ID reference), alongside large numbers of software vulnerabilities (CVEs), which all sit across many assets with differing security requirements. The calculator enables software development teams to score and prioritize discovered weaknesses empirically based on data in the National Vulnerability Database (NVD).
Without a common system of comparison across software weaknesses (CWEs) and software vulnerabilities (CVEs) that factors in environmental context, engineering teams cannot effectively prioritize their work, and thus waste cycles on wrong things while they miss opportunities to secure systems.
The CWE with Environmental CVSS Calculator will provide output that effectively enables a CWE in a specified environment to be priority ranked against a CVE in the same or different environment.
Software development teams will focus their limited resources on addressing the most dangerous issues.
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections …
Sign up for the Center's "Stay Informed" newsletter to get notified for new project releases and upcoming events.