Resources for Vulnerability Research

This post includes a list of  public resources (e.g., databases) for vulnerability research. It also features some well-known sites that are no longer available.

List of resources for Vulnerability Research

These are the resources listed on this post:

  • Common Vulnerabilities and Exposure (CVE)
  • Exploit Database
  • SecurityFocus
  • National Vulnerability Database (NVD)
  • Common Vulnerability Scoring System (CVSS)
  • Microsoft Security Response Center (MSRC)

Common Vulnerabilities and Exposure (CVE)

https://cve.mitre.org/

Common Vulnerabilities and Exposure (CVE) is an online list of vulnerabilities identifiers.

Exploit Database

National Vulnerability Database (NVD)

https://ndv.nist.org

National Vulnerability Database (NVD) is the US Government vulnerability database. It is managed by NIST.

Common Vulnerability Scoring System (CVSS)

https://nvd.nist.gov/vuln-metrics/cvss

Common Vulnerability Scoring System (CVSS) is an standard that provides an open framework for communicating the characteristics and severity of IT vulnerabilities. You can find more about it on this NIST link.

Microsoft Security Response Center (MSRC)

https://www.microsoft.com/en-us/msrc

Microsoft Security Response Center is the report to report vulnerabilities on Microsoft product.

MSRC does not hold a database on its own, but uses CVE instead. Microsoft’s CVE vulnerabilities are listed on the Security Update Guide.

Microsoft develops its Microsoft Vulnerability Research (MSVR) program. It is designed to help improve the security ecosystem as a whole through the sharing of knowledge and best practices.

Security Magazine

https://www.securitymagazine.com

Help Net Security

https://www.net-security.org

HackerStorm

http://www.hackerstorm.co.uk

SC Magazine

https://www.scmagazine.com

Computerworld

https://www.computerworld.com

WindowsSecurity

http://www.windowsecurity.com

CVE Details

https://www.cvedetails.com

Security Tracker

https://securitytracker.com

Vulnerability Lab

https://www.vulnerability-lab.com

D’Crypt

https://www.d-crypt.com

Trend Micro

https://www.trendmicro.com

Rapid7

https://www.rapid7.com

Dark Reading

https://www.darkreading.com

List of Disappeared Vulnerability Resources

The vulnerability resources that disappeared:

  • Open Source Vulnerability Database (OSVDB)
  • SecurityFocus

Open Source Vulnerability Database (OSVDB)

http://www.osvdb.org

Now defunct. It worked from 2002 to 2016.

It was independent an open-sourced vulnerability database.

SecurityFocus

https://www.securityfocus.com

Now defunct. It worked from 2002 to 2021.

It hosted the BugTraq mailing lists.

Leave a Reply

Your email address will not be published. Required fields are marked *