Wednesday, April 20, 2022

Highlight Reel: CISA Database of Known Exploited Vulnerabilities

Tags: CISA, known exploited vulnerabilities, US National Cybersecurity Infrastructure Security Agency, VMware, penetration testing, vulnerability testing

Relevance:

  • The list is continuously updated with vulnerabilities if they have known, and actively used exploits.  
  • One of many indicators of priority importance - as a function of risk.
  • Listing contains excellent metadata.
  • There are 644 entries for all vulnerabilities.
OK, so why does this matter? Because every company seems to struggle with how to prioritize. Sure, there's a lot to get done. But how do I prioritize what to fix? What to build? Where to focus? Perhaps you have an interesting project to track vulnerabilities. Another dimension that can be added to provide intelligence or meaningful input into priority ranking includes indicators of whether an exploit is being used by a population of attackers.

Sources & Links: