This repository has been archived by the owner on Nov 20, 2023. It is now read-only.

Merge pull request #1217 from Hacker0x01/cve-update
CVE update
jessiwright authored Oct 26, 2023
2 parents 2ed774c + 25f7a18 commit f87c2e9
Showing 3 changed files with 20 additions and 9 deletions.
29 changes: 20 additions & 9 deletions docs/organizations/cve-cwe-discovery.md
Expand Up @@ -4,27 +4,38 @@ path: "/organizations/cve-cwe-discovery.html"
id: "organizations/cve-cwe-discovery"
---

CVE & CWE Discovery helps you discover trends in common vulnerabilities and exposures (CVEs) and common weakness enumerations (CWEs). By better understanding the vulnerability landscape, you can harden your organization against new threats and gain insight into existing threats that are still being exploited in the wild.
CVE & CWE Discovery helps you discover trends in common vulnerabilities and exposures (CVEs) and common weakness enumerations (CWEs). By better understanding the vulnerability landscape, you can harden your organization against new threats and gain insight into existing threats still being exploited in the wild.

To start using this feature:
1. To start using this feature:
1. Go to **Hacktivity**
2. Select either the **CVE Discovery** or **CWE Discovery** tab
3. Use the search bar to filter results
4. Click on an item in the table to drill down into CVE or CWE details
1. Select either the **CVE Discovery** or **CWE Discovery** tab
1. Use the search bar to filter results
1. Click on an item in the table to drill down into CVE or CWE details

### Use Cases
#### Explore Trending Vulnerabilities
With the Discovery Search feature, you can search across identifiers, products, vendors, and descriptions to pinpoint the most relevant vulnerabilities for your organization.
#### Explore Trending Vulnerabilities
With the Discovery Search feature, you can search across identifiers, products, vendors, and descriptions to pinpoint the most relevant vulnerabilities for your organization.

![CVE discovery search](/images/cve-discovery-1.png)

#### Identify Related Reports
#### Identify Related Reports
With the Related Reports feature on the CWE Details panel, you can explore publicly disclosed reports related to that CWE for an even deeper dive into how these weaknesses are being actively exploited.

![CVE details](/images/cve-discovery-2.png)

#### Prioritize Threats
With the H1 Rank for CVEs, you can see which vulnerabilities we believe have the highest impact. You can also gain further insight into the number of reports, the severity, and the remediation time for related reports by drilling down into the CVE Details or CWE Details panels.
The H1 Rank is determined by a combination of the number of hacker reports from valid proof of concept (PoC) exploits for HackerOne customers and recency of reports. It is calculated by aggregating the scores of its related submissions. Newer reports receive higher scores that decrease over time, with reports older than 12 weeks receiving the minimum score.

We combine the number of hacker reports from valid proof of concept (PoC) exploits for customers and recency of reports to determine a hacker’s H1 Rank. It is calculated by aggregating the scores of its related submissions. Newer reports receive higher scores that decrease over time, with reports older than 12 weeks receiving the minimum score.

### EPSS in Hacktivity
HackerOne integrates EPSS (Exploit Prediction Scoring System) into Hacktivity. EPSS is a new industry standard that offers a real-time exploitability assessment for each CVE. Its goal is to inform us about the risk of exploitation by using a predictive model for a more accurate likelihood assessment.

An EPSS score estimates the probability of observing in-the-wild exploitation attempts against that vulnerability in the next 30 days and enhances your vulnerability backlog prioritization efforts.

![CVE discovery page](/images/cve-discovery-3.png)

EPSS scores are now directly integrated into Hacktivity’s CVE Discovery page on HackerOne. By integrating CVSS ratings, EPSS, and our platform intelligence, customers gain a competitive edge in CVE remediation. This approach empowers enterprises to prioritize and establish risk-aligned remediation SLAs more effectively.

![CVE detail view](/images/cve-discovery-4.png)
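
Review bot: the added line `1. To start using this feature:` turns the lead-in sentence into a list item, so the procedure now starts with a step that is not an action and "Go to **Hacktivity**" is pushed down to the second entry. Keep the lead-in as a plain sentence and start the numbered list at "Go to **Hacktivity**". In the Prioritize Threats section, the rewritten paragraph says the score determines "a hacker's H1 Rank", while the sentence just above introduces "the H1 Rank for CVEs"; the following "It is calculated by aggregating the scores of its related submissions" then has no CVE to refer back to. Suggest restoring the CVE as the subject, for example "to determine a CVE's H1 Rank". In the new EPSS section, "a real-time exploitability assessment" sits beside a definition that is a probability over "the next 30 days"; stating how often the score shown in Hacktivity is refreshed would make the two consistent, and "new industry standard" would age better with a link to the EPSS source than with "new".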

Binary file added docs/organizations/images/cve-discovery-3.png
Binary file added docs/organizations/images/cve-discovery-4.png
