cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

Vulnrichment Exploitation Questions #23

Closed patrickmgarrity closed 1 month ago

patrickmgarrity commented 1 month ago

For the CISA Coordinator options, for "Exploitation", can you clarify:

  1. What are the sources used to determine Confirmed Exploitation and POC?
  2. What is the process to ensure these remain up to date as new information becomes available?

Only a subset of exploitation / POCs are confirmed around the time of CVE disclosure, which is why I'm curious.

amanion-cisa commented 1 month ago

Short answer: The primary source is the CVE List. So a change to a CVE Record triggers vulnrichment reassessment, which may or may not lead to changes to vulnriched data. Note that KEV has a separate process and does monitor sources other than the CVE List. SSVC also includes a separate process that includes other sources. Changes from both of these processes feed into the vulnrichment process.

patrickmgarrity commented 1 month ago

Thanks for the insight!