Keeping track of the number of CVEs can be a daunting task. We’ve got something that is going to help…

We’ve developed a process which gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

Firstly, what is a CVE?

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The system was launched for the public in September 1999.

The United States’ National Cybersecurity FFRDC, operated by The Mitre Corporation, maintains the system. They do this with funding from the US National Cyber Security Division of the US Department of Homeland Security.

What is a vulnerability?

A vulnerability is a weakness which can be used to access things one should not be able to gain access to. Obviously this is less than ideal! What would an attacker do? Well, they could run some malicious code or install malware. There could even be the option to copy useful data, or delete it.

What is an exposure?

An exposure is different. It’s a mistake made within the network or system, or code, that gives an intruder access to where they shouldn’t be.

Exposures are often mistakes. For example a GitHub repository which is open or an accessible Amazon S3 folder. These can be found accidentally and never become disclosed. What can happen is that they are found by the kind of people who you really don’t want snooping around.

CVE Identifiers give each one a different name, so people can talk about a specific vulnerability by using their name. At the time of writing, there are over 18800 CVEs listed!

So how are we going to help you keep track of CVEs?

We’ve developed a process which gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.  

This is via our unique intelligence collection pipelines, which include the Dark Web.

Every Monday, you’ll see a blog post appear with the latest CVEs which have been discussed the most over the previous 7 days. This is the first one from the 14th June.

If you use RSS (https://en.wikipedia.org/wiki/RSS), then add http://sosintel.co.uk/feed to your reader and you’ll see these automatically.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

We are your eyes and ears online, even in the darkest places.