CVSS v3 and Updates

It’s been a year without posting, but not without work. Attentive user has found that we have put into production some changes, like CVSSv3, CPE search, and add some API. We also have added the possibility to change your monitoring email (Business and enterprise). And yes, we also have corrected some bugs ;) Let’s now talk about them.

Common Vulnerability Scoring System v3

As you already may know, the Common Vulnerability Scoring System v3, also know as CVSS v3 is now available on First.org.

First.org: “CVSS version 3 sets out to provide a robust and useful scoring system for IT vulnerabilities that is fit for the future... The updated version includes enhancements such as: the promotion of consistency in scoring, the replacement of Scoring Tips in order to more clearly guide end users of CVSS, and consideration of the system in order to make it more applicable to modern concerns”

So, we have worked hard to be able to provide to you a new API, and for the first time, publish it under Apache 2.0 License the code GitHub Repository. Like always, this new API is available to every user with unlimited call per day.

You can find the documentation here: CVSS v3 documentation and here: GitHUB CVSSv3 Documentation

Search Alerts directly by CPE

We also add a new functionalities of our website. The possibility to search Alerts directly by CPE (Platform / Vendor / Version). This functionality is available here : CPE Search and of course, available on API here : CPE API. It let your browse our database by Platform / Vendor / Version, and filter them.

Hope those this one will help you navigate and search for what you need.

Monitoring Email

The last one came directly from our customers that wants to change the monitoring email without changing the Login email. We answer it by adding this possibility. For that, you only need to go to your vDNA Monitoring panel and update the email. By default, it’s the same as your login. This functionality is actually available to the Business and Enterprise subscription.

Bugs and improvements

Of course we have corrected some bugs on our API, Engine and more, here are some:

  • Update some Microsoft SA that don’t have a description
  • Update VMware to check for a better Modified date
  • Handle Ubuntu Advisories Titles the correct way
  • Update graph on API Key (module)
  • Upgrade some API documentations
  • Change our Nessus Class to better handle some parsing error
  • Upgrade our Oval Repository (we will work on 5.11.1 soon)
  • Do some maintenance on our database
  • Upgrade our Hardware and add some servers
  • Add some integrity check on our monitoring system
  • Added Collision detection on vDNA Crosslinks for better graph

Next

Next step will be a web CVSSv3 calculator and the migration of the actual CVSS v2 system to the new CVSS v3. But for that, we will wait a little bit more ;)

And we also investigate the way to add account delegation (monitoring and API) to another account. But we could already say that it will be hard.

Mandriva

And at last, we say farewell to Mandriva that closed their doors after 17 years. We will keep into our database Mandriva Advisories like we already do for Sun advisories

So, if you haven’t already register, go on! It’s Free!

Hope you’ll enjoy those changes.