What's new in SecDB 22.11 - EPSS, Packages & Software, new Security Advisory feeds... and more!

giterlizzi

Tags: SecDB, EPSS, CVE, Security Advisory

Notable changes in SecDB

Introduced the Exploit Prediction Scoring System (EPSS)

Added the Exploit Prediction Scoring System (EPSS) score in all tables and CVE pages.

The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

[ Image: SecDB CVE header showing the EPSS value for Log4Shell CVE-2021-44228 ]

[ Image: SecDB CVEs list, the CVEs table for the CISA-2022:0908 advisory ]

[ Image: SecDB CVE header, the EPSS time series for Log4Shell CVE-2021-44228 in the "EPSS" tab ]

https://www.first.org/epss - EPSS (Exploit Prediction Scoring System)
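To show how the EPSS probability changes remediation order compared with severity alone, here is an added example (not part of the SecDB release or the FIRST EPSS project): it parses a constructed CSV laid out like the FIRST daily EPSS export (a leading "#model_version" comment line, then "cve,epss,percentile" columns) and tiers findings by exploitation probability and CVSS. All scores, the placeholder CVE-0000-* IDs and the threshold values are invented for the demo.

```python
import csv
from dataclasses import dataclass

# Constructed sample in the layout of the FIRST EPSS daily CSV export.
# The comment line, the placeholder IDs and every score are invented.
SAMPLE_EPSS_CSV = """\
#model_version:vX,score_date:YYYY-MM-DDT00:00:00+0000
cve,epss,percentile
CVE-2021-44228,0.95000,0.99900
CVE-0000-0001,0.00200,0.35000
CVE-0000-0002,0.40000,0.97000
CVE-0000-0003,0.00100,0.20000
"""

# Constructed CVSS v3 base scores for the same IDs (also invented).
SAMPLE_CVSS = {
    "CVE-2021-44228": 10.0,
    "CVE-0000-0001": 9.8,   # critical on paper, low exploitation probability
    "CVE-0000-0002": 5.3,   # medium severity, but likely to be exploited
    "CVE-0000-0003": 7.5,
}

@dataclass
class Finding:
    cve: str
    epss: float        # probability (0..1) that the CVE is exploited in the wild
    percentile: float  # share of all scored CVEs with a lower EPSS value
    cvss: float

def parse_epss_csv(text: str) -> dict[str, tuple[float, float]]:
    """Return {cve: (epss, percentile)}, skipping '#' comment lines."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in csv.DictReader(lines)}

def prioritize(epss_csv: str, cvss_by_cve: dict[str, float],
               epss_threshold: float = 0.1, cvss_threshold: float = 7.0) -> list[Finding]:
    """Tier 0: likely exploited and high/critical; tier 1: likely exploited;
    tier 2: high/critical but unlikely; tier 3: the rest. Higher EPSS first."""
    scores = parse_epss_csv(epss_csv)
    findings = [Finding(c, *scores.get(c, (0.0, 0.0)), s) for c, s in cvss_by_cve.items()]

    def tier(f: Finding) -> int:
        likely, severe = f.epss >= epss_threshold, f.cvss >= cvss_threshold
        return 0 if likely and severe else 1 if likely else 2 if severe else 3

    return sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))

if __name__ == "__main__":
    for f in prioritize(SAMPLE_EPSS_CSV, SAMPLE_CVSS):
        print(f"{f.cve:16} EPSS={f.epss:.3f} (p{f.percentile:.3f}) CVSS={f.cvss}")
```

Sorting by CVSS alone would put the placeholder CVE-0000-0001 (9.8) second; with EPSS applied, the medium-severity but likely-exploited CVE-0000-0002 moves ahead of it.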

"Packages & Software" in CVE detail page

Using the Security Advisory information, you can now view the affected or unaffected "Packages and Software" of a specific CVE.

[ Image: SecDB "Packages and Software" tab ]

New Security Advisories feeds

SecDB new security advisories

Added new advisories:

  • Microsoft Security Response Center (MSRC)
  • VMware
  • RustSec (Crates.io)
  • RubySec (RubyGems)

New "Infamous Vulnerabilities"

Added the "Infamous Vulnerabilities" table.

[ Image: SecDB "Infamous Vulnerabilities" table, listing Log4Shell, PrintNightmare, ShellShock and other "infamous" vulnerabilities with their related CVE IDs ]

User Interface Improvements

  • "CVE" detail page: the NASL/NVT plugins, PoC, ExploitDB and Metasploit data are now in one place, the "Tools, PoC and Exploits" tab.
  • "CVE" detail page: the "CVSS", "CAPEC", "OVAL" and "EPSS" tabs now display a brief description.
  • Moved all charts from the "Vulnerabilities" page into the new "Dashboard" page. The "Vulnerabilities" page now displays the search form.
  • In the "Weakness Trend" chart it is now possible to display the trend by CVSS (v3/v2) severity, using the buttons at the top of the chart.