How useful is CVSS Score in CVE triage - The CVSS who cried wolf

This page summarizes the projects mentioned and recommended in the original post on /r/blueteamsec

  • SSVC

    Stakeholder-Specific Vulnerability Categorization

  • so on this point i disagree with the author. depending on what you want to do, two methodologies i've used in the past have worked well for me:

      - EPSS - exploit predictability scoring system. how likely is this to be exploited? for many a key metric in patching prioritization
      - SSVC - stakeholder specific vulnerability categorization, comes to one of four outcomes for patching - immediately, emergency window, next scheduled window, or whenever. gets to how severe an impact would be on the business as a whole.

  • cve-scanner-testing

    Vulnerable Docker images created in different ways to check Docker image CVE scanners

  • I'd be a bit skeptical about claims that the vendors do much more than CVSS, especially that last time I checked even the coverage was lacklustre. I could not see any trend that showed that these actually exploitable vulnerabilities are somehow ranked higher than CVSS (data on that here). Granted it was a while ago and specifically on docker images/containers and I have not looked at Tenable for example.
