|(100 %)||Working on Common Vulnerability Scoring System v3 integration|
|(1 %)||vDNA update and OpenVAS integration|
|(1 %)||Security-Database is now CVE Compatible !|
|(1 %)||Oval Repository and vDNA Update|
|(1 %)||Security-Database OVAL Repository Update|
Working on Common Vulnerability Scoring System v3 integration
While working on Common Vulnerability Scoring System v3 implementation, we have to make choices.
Some of them are easy, other tricky. As we already say, CVSSv3 and CVSSv2 can be affected to the same alert, and we must keep CVSSv2 for SCAP needs, and simply because some alerts does not have CVSSv3 (old alerts).
We must propagate the right score (and only one per alert). We cannot deal with 2 scores like the NVD, our alerts are linked (see crosslinks demo)
CPE Deprecated Dictionary integration
This update is one of our biggest ’technical’ updates. We will now fully handle the CPE Deprecated Dictionary made by NVD. Thousand lines of codes, tests, checks, re checks and more. Again, our data quality, but also our alerts, will be greater.
And Prev? What does that mean?
Some of our data providers use these small typo to explain that a vulnerability affects multiple products and specially “previous version” of a product.
CVSS v3 and Updates
It’s been a year without posting, but not without work. Attentive user has found that we have put into production some changes, like CVSSv3, CPE search, and add some API. We also have added the possibility to change your monitoring email (Business and enterprise). And yes, we also have corrected some bugs ;) Let’s now talk about them.
Customize your monitored Products by adding an Environmental CVSS vector
Yes, it’s done! Now, you an customize your monitored products and add, for each one, a CVSS Environmental Vector! But, wait! What is an Environmental Vector and what it can do for you? Simple, lower or higher the score of an Alert, based on YOUR Environment!
58.000+ Nessus files integration and vDNA API update
Our Team have integrated 61.240 NASL files, 58.288 Nessus exploits (without marked deprecated or empty) with 190.370+ cpes and 149.850+ "Security-database" References into our database. Integration is done automatically each day, without human interaction like usual. And off course, we have added them to each alert, alert History, CPE, Dashboard, API...
vDNA update and Snort Rules integration
Happy new year 2014! Our Team have integrated 30.000+ Snort Rules into our database and have improved our vDNA API. Integration is done automatically each day, without human interaction like usual Of course, we have added them to each alert, alert History, CPE, Dashboard, API...
CVE syntax is changing
CVE syntax is changing on January 1, 2014. Be prepared, modify and test your code. This modification is not a big deal, the last 4 fixed digits became arbitrary digits with a minimum of 4 and without a maximum.
Updates and IAVM Integration
We are continuously working to improve our database quality. For that, we have updated, again, our internal engine, corrected the OpenVAS integration, enhanced our CPE detection, updated the Microsoft and Cert hourly update, enhanced the user dashboard with some graph and more... But we also have integrated IAVM (DISA) into our database and improved our vDNA API.
vDNA update and OpenVAS integration
Yes, we are continuously working to improve our database quality. For that, we have updated our internal engine, rewrite our SaintExploit and Metasploit integration to be able to store what Exploit(s) have been added to, or removed from an Alert. But we also have integrated OpenVAS into our database and improved our vDNA API.
Alert History and ExploitDB update
Our Team is continuously working to improve our database quality and the way we display the information. For that, we have updated "Alert History" to let you access more information and rewrite our ExploitDB integration to be able to store what Exploit(s) have been added to, or removed from an Alert.
Oval Repository and vDNA Update
Yeah, it’s done! We have finally added to our website / Services and vDNA API full Oval Definitions information. You can now browse definitions (Inventory, Vulnerability, Compliance, Patch..) directly on our Website, access on a machine way with our vDNA API and read the definition while browsing an Alert or a Product !
Security-Database is now CVE Compatible !
Security-Database is very proud to announce that we are now Officially Register as "CVE-Compatible". You can reach the announce on the CVE Website here.
Security-Database update is database by adding ExploitDB
Security-Database have update is database by adding ExploitDB (+15000 new exploits).
Officially OVAL Adopter
OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.
Security-Database OVAL Repository Update
OVAL Repository downloads include Data Files of all vulnerability, compliance, inventory, and patch definitions for supported platforms. Data Files are intended for use with the Reference OVAL Interpreter, while both Data Files and the Bulk Content download (i.e., all definitions and schemas for all platforms) may be used with Products and Services Using OVAL. OVAL Repository content for past versions of the OVAL Language is available in the OVAL Archive.
Security-Database vDNA API Documentation
vDNA Â© (Security Database Vulnerability DNA) are API based / Web-Services that provide a ready-to-use platform through comprehensive Rich CVE XML Correlated feeds. It includes most common Open Standards: CVSS, CPE, CWE, CAPEC, OVAL, OSVDB, and specific feeds as well as Milw0rm, Metasploit and Saint. vDNA Â© is suitable for integrators, security software vendors & consultants that want to align with reliable standards.