Replies: 12 comments 3 replies
-
Post from Nucleus Security research lead: |
Beta Was this translation helpful? Give feedback.
-
Fortinet's FortiSOAR (Managed SOC Services) also had a linked in post mentioning use of SSVC, but details are still being tracked down from Amit Jain https://www.linkedin.com/posts/amitjainixd_fortisoar-cisa-nvd-activity-7079009317193998336-9N-d?utm_source=share&utm_medium=member_desktop |
Beta Was this translation helpful? Give feedback.
-
Qualys - https://blog.qualys.com/product-tech/2022/11/30/effective-vulnerability-management-with-ssvc-and-qualys-trurisk Just dumping from my notes before I loose these. |
Beta Was this translation helpful? Give feedback.
-
Should we be capturing these in a page in the |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
2024-02-14 Applying Vulnerability Intelligence to CVSS and SSVC Frameworks https://www.youtube.com/watch?v=Gn1t7ljdSH0 2024-02-15 No More Business As Usual: Vulnerability Management Focused On Managing Risk https://www.spiceworks.com/it-security/vulnerability-management/guest-article/best-vulnerability-management-practices/ 2024-02-24 5 Things to Consider Before Using SSVC Vulnerability Prioritization Framework https://nucleussec.com/blog/5-things-to-consider-before-using-ssvc-to-automate-vulnerability-prioritization/ |
Beta Was this translation helpful? Give feedback.
-
2024-02-15 The SSVC risk prioritization method: what it is, when to use it, and alternatives https://vulcan.io/blog/the-ssvc-risk-prioritization-method-what-it-is-when-to-use-it-and-alternatives/ |
Beta Was this translation helpful? Give feedback.
-
11-16-2022 Using ssvc decision trees intelligence-led vulnerability management https://nucleussec.com/blog/ssvc-decision-trees-intelligence-led-vulnerability-management |
Beta Was this translation helpful? Give feedback.
-
Yotam Perkal talk on SSVC |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
2024-03: Risk Based Prioritization https://riskbasedprioritization.github.io/ uses a customized SSVC derived from CISA's implementation that incorporates threat feeds and other operational data in improving vulnerability response decisions. |
Beta Was this translation helpful? Give feedback.
-
2024-05-09: CISA Vulnrichment adds SSVC decision point info from CISA analysts to CVE data as an ADP provider. On github: Media coverage: |
Beta Was this translation helpful? Give feedback.
-
Good work from Yahoo using SSVC:
https://github.com/theparanoids/PrioritizedRiskRemediation
The Risk Remediation Taxonomy and Decision Tree are part of a conference presentation by Yahoo Chris Madden: https://www.bsidesdub.ie/ May 27 2023.
See the slide deck and the recording.
Beta Was this translation helpful? Give feedback.
All reactions