Attack Flow v3
With Attack Flow, you will capture the entire attack and communicate what matters!
June 21, 2024
Project Summary
The software industry is faced with managing large numbers of software weaknesses (commonly identified by static-scanning tools using CWE ID reference), alongside large numbers of software vulnerabilities (CVEs), which all sit across many assets with differing security requirements. The calculator enables software development teams to score and prioritize discovered weaknesses empirically based on data in the National Vulnerability Database (NVD).
Problem
Without a common system of comparison across software weaknesses (CWEs) and software vulnerabilities (CVEs) that factors in environmental context, engineering teams cannot effectively prioritize their work, and thus waste cycles on wrong things while they miss opportunities to secure systems.
Solution
The CWE with Environmental CVSS Calculator will provide output that effectively enables a CWE in a specified environment to be priority ranked against a CVE in the same or different environment.
Impact
Software development teams will focus their limited resources on addressing the most dangerous issues.
Funding Research Participants
Explore More of Our Work:
Threat-Informed Defense for the Financial Sector
Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …
Ambiguous Techniques
Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.