Putting custom vulnerability priorities into RedSeal
While RedSeal is our primary vulnerability analysis platform, we've hit limits using standard CVSS V2 scores for prioritization (they don't reflect our threat model, Heartbleed was only a CVSS 5, problems with distribution of scores, etc.). To address this, I've created, with help from some independent researchers, VulnPryer (https://github.com/SCH-CISM/vulnpryer). VulnPryer takes a feed of vulnerability information and adjusts the scores in a user-defined way to ensure that scores are reflective of what matters to you and your organization. Are you concerned about script kiddies with a copy of Metasploit? VulnPryer has default rules to prioritize vulns with public exploit code.
Best of all, the standard VulnPryer code is explicitly targeted at feeding this data back into RedSeal via a customized TRL (RS 8.0 has some interesting features to make this even easier). Check it out, open issues, give feedback, make it your own!
David this is great stuff. I love learning about new things such as vulnpryer. I will certainly pass this tid bit along to others who have not joined our community yet.Reply
Thank you for sharing this! Tweaking the insights that we get from vuln data is certainly a key to getting more effective in patching strategy and understanding the overall risk profile of the environment.
This sounds cool. I am going to have to take it for a spin.Reply