Vulnerabilities definitions are published daily to the National Vulnerability Database (NVD) after being assigned a reference CVE number. Nodeware syncs nightly with the NVD and begins the process of further enhancing this data.
This includes vendor bulletins from Microsoft Security Response Center (MSRC), Canonical's Ubuntu Security Notices (USN), Debian Security Advisories (DSA), Cisco, VMware, and others. We also cross-reference threat intelligence about exploit availability, from Metasploit, and in-the-wild exploitation from CISA.
Individual vulnerabilities are scored with industry standard CVSS scoring, currently version 3.1. In addition to the CVSS score assigned, additional factors are considered when establishing the asset risk score. They are environmental, which includes organization specific risk factors, and temporal metrics based on the threat intelligence described above.
Reference https://nvd.nist.gov/ for more information about the National Vulnerability Database (NVD).
Comments
0 comments
Please sign in to leave a comment.