Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
Following a discussion with @cedricbonhomme about automatic scoring with information within vulnerability-lookup, an automatic vulnerability scoring decision can be calculated automatically:
Mapping for vulnerability lookup
Track - The vulnerability is sourced in vulnerability lookup from one or more sources without any sighting or comments.
Track* - The vulnerability is sourced (or not for vulnerability without source publication) in vulnerability lookup from one or more sources with one or more comments or one sighting from non-sources (not NVD or alike).
Attend - The vulnerability is sourced (or not for vulnerability without source publication) in vulnerability lookup from one or more sources with one or more comments or two or more sightings from non-sources (not NVD or alike).
Act - The vulnerability is sourced (or not for vulnerability without source publication) in vulnerability lookup from one or more sources with one or more comments or two or more sightings from non-sources (not NVD or alike) and present in KEV (CISA) or KEV (local instance) flag?.
Following a discussion with @cedricbonhomme about automatic scoring with information within vulnerability-lookup, an automatic vulnerability scoring decision can be calculated automatically:
Mapping for vulnerability lookup
Based on CISA - THE VULNERABILITY SCORING DECISION - Page 3