IT Vulnerabilities

This post reviews some aspects of IT vulnerabilities.

Vulnerability Databases

Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

MITRE Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures.

Microsoft has its own portal about CVEs affecting its products and how to fix them: MSRC’s Security Update Guide. It may also contain the corresponding CVSS ratings.

MITRE Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types.

MITRE ATT&CK Matrix is a knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

OWASP Top 10 represents a broad consensus about the 10 most critical security risks to web applications.

ExploitDB is an archive of exploits for the purpose of public security, and it explains what can be found in the database.

The Cybersecurity & Infrastructure Security Agency (CISA) maintains the CISA Known Exploited Vulnerabilities Catalog.

Zero-Day Vulnerability Teams

This section lists some relevant teams within companies that focus on finding zero-day vulnerabilities and notifying system owners about them.

Zero-Day Vulnerability Teams featured on this post:

  • Google Project Zero
  • Trend Micro’s Zero Day Initiative

Google Project Zero

Project Zero is a team within the American company Google.

Official blog

Trend Micro’s Zero Day Initiative

Zero Day Initiative is an initiative by the American company Trend Micro.

Official website
