Vulnerability

A Vulnerability represents a known and published security issue associated with the version or any of its components.

The platform maps components to vulnerabilities using their identifiers (CPE, PURL) and various vulnerability databases.

The platform further enriches each vulnerability with its Exploit Prediction Scoring System (EPSS) score and its listing in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Vulnerability Disposition

As vulnerabilities are matched to a version, the organization may attempt to understand the implications for the product (the vulnerability disposition) and may wish to record these findings with the vulnerabilities.

The platform supports adding vulnerability status using Vulnerability Exploitability eXchange (VEX).
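
How a recorded disposition and the EPSS/KEV enrichment combine during triage, as an added example that is not the platform's own code or data model. The `Finding` class, the `triage` function, the default of `under_investigation` and all sample ids, packages and scores are assumptions made for illustration; the status names are the ones OpenVEX uses.

```python
from dataclasses import dataclass

# VEX status values, as named in OpenVEX.
VEX_STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
RESOLVED = {"not_affected", "fixed"}

@dataclass(frozen=True)
class Finding:  # hypothetical record, not the platform's schema
    cve: str      # vulnerability id (constructed placeholders below)
    purl: str     # component the vulnerability was matched to
    epss: float   # EPSS probability, 0.0 to 1.0
    kev: bool     # listed in the CISA KEV catalog

def triage(findings, vex):
    """Split findings into (open, resolved) using VEX statuses.

    vex maps (cve, purl) -> status, so a disposition recorded for one
    component never hides the same CVE matched to another component.
    Findings with no statement default to under_investigation (assumption).
    """
    open_, resolved = [], []
    for f in findings:
        status = vex.get((f.cve, f.purl), "under_investigation")
        if status not in VEX_STATUSES:
            raise ValueError(f"unknown VEX status {status!r} for {f.cve}")
        (resolved if status in RESOLVED else open_).append((f, status))
    # KEV-listed findings first, then by descending EPSS score.
    open_.sort(key=lambda fs: (not fs[0].kev, -fs[0].epss))
    return open_, resolved

# Constructed sample data: ids, packages and scores are illustrative only.
FINDINGS = [
    Finding("CVE-0000-0001", "pkg:npm/example-parser@1.2.0", 0.02, False),
    Finding("CVE-0000-0002", "pkg:pypi/example-http@3.1.4", 0.10, True),
    Finding("CVE-0000-0003", "pkg:npm/example-parser@1.2.0", 0.91, False),
    Finding("CVE-0000-0003", "pkg:npm/example-render@0.9.1", 0.91, False),
]
VEX = {
    ("CVE-0000-0003", "pkg:npm/example-parser@1.2.0"): "not_affected",
    ("CVE-0000-0001", "pkg:npm/example-parser@1.2.0"): "affected",
}

if __name__ == "__main__":
    open_findings, resolved_findings = triage(FINDINGS, VEX)
    for f, status in open_findings:
        print(f"{f.cve} {f.purl} kev={f.kev} epss={f.epss:.2f} {status}")
```

The KEV-listed finding ranks first despite its low EPSS score, and the `not_affected` statement removes the third CVE only for the component it was recorded against.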
