aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Consider prioritization using CVE_Prioritizer #1512

Open pombredanne opened 3 months ago

pombredanne commented 3 months ago

See @TURROKS https://github.com/TURROKS/CVE_Prioritizer It combines CVSS, EPSS and KEV. Nice. Something to consider for CRAVEX! FYI: @DennisClark @TG1999 @tdruez

DennisClark commented 3 months ago

The project at https://github.com/TURROKS/CVE_Prioritizer?tab=readme-ov-file#cve-prioritizer is indeed a very interesting example of a solution to prioritization; however, the dependence on CVE identification and corresponding data is a limitation and it does not seem to make use of other vulnerability reporting sources (as far as I can tell).