diff --git a/docs/organizations/cve-cwe-discovery.md b/docs/organizations/cve-cwe-discovery.md index 9a9f0f077fe..6c62feb8e13 100644 --- a/docs/organizations/cve-cwe-discovery.md +++ b/docs/organizations/cve-cwe-discovery.md 
@@ -4,27 +4,38 @@ path: "/organizations/cve-cwe-discovery.html" id: "organizations/cve-cwe-discovery" --- -CVE & CWE Discovery helps you discover trends in common vulnerabilities and exposures (CVEs) and common weakness enumerations (CWEs). By better understanding the vulnerability landscape, you can harden your organization against new threats and gain insight into existing threats that are still being exploited in the wild. +CVE & CWE Discovery helps you discover trends in common vulnerabilities and exposures (CVEs) and common weakness enumerations (CWEs). By better understanding the vulnerability landscape, you can harden your organization against new threats and gain insight into existing threats still being exploited in the wild. -To start using this feature: +1. To start using this feature: 1. Go to **Hacktivity** -2. Select either the **CVE Discovery** or **CWE Discovery** tab -3. Use the search bar to filter results -4. Click on an item in the table to drill down into CVE or CWE details +1. Select either the **CVE Discovery** or **CWE Discovery** tab +1. Use the search bar to filter results +1. Click on an item in the table to drill down into CVE or CWE details ### Use Cases -#### Explore Trending Vulnerabilities -With the Discovery Search feature, you can search across identifiers, products, vendors, and descriptions to pinpoint the most relevant vulnerabilities for your organization. +#### Explore Trending Vulnerabilities +With the Discovery Search feature, you can search across identifiers, products, vendors, and descriptions to pinpoint the most relevant vulnerabilities for your organization. ![CVE discovery search](/images/cve-discovery-1.png) -#### Identify Related Reports +#### Identify Related Reports With the Related Reports feature on the CWE Details panel, you can explore publicly disclosed reports related to that CWE for an even deeper dive into how these weaknesses are being actively exploited. 
![CVE details](/images/cve-discovery-2.png) #### Prioritize Threats With the H1 Rank for CVEs, you can see which vulnerabilities we believe have the highest impact. You can also gain further insight into the number of reports, the severity, and the remediation time for related reports by drilling down into the CVE Details or CWE Details panels. -The H1 Rank is determined by a combination of the number of hacker reports from valid proof of concept (PoC) exploits for HackerOne customers and recency of reports. It is calculated by aggregating the scores of its related submissions. Newer reports receive higher scores that decrease over time, with reports older than 12 weeks receiving the minimum score. +We combine the number of hacker reports from valid proof of concept (PoC) exploits for customers and recency of reports to determine a hacker’s H1 Rank. It is calculated by aggregating the scores of its related submissions. Newer reports receive higher scores that decrease over time, with reports older than 12 weeks receiving the minimum score. + +### EPSS in Hacktivity +HackerOne integrates EPSS (Exploit Prediction Scoring System) into Hacktivity. EPSS is a new industry standard that offers a real-time exploitability assessment for each CVE. Its goal is to inform us about the risk of exploitation by using a predictive model for a more accurate likelihood assessment. + +An EPSS score estimates the probability of observing in-the-wild exploitation attempts against that vulnerability in the next 30 days and enhances your vulnerability backlog prioritization efforts. + +![CVE discovery page](/images/cve-discovery-3.png) + +EPSS scores are now directly integrated into Hacktivity’s CVE Discovery page on HackerOne. By integrating CVSS ratings, EPSS, and our platform intelligence, customers gain a competitive edge in CVE remediation. This approach empowers enterprises to prioritize and establish risk-aligned remediation SLAs more effectively. 
+ +![CVE detail view](/images/cve-discovery-4.png) diff --git a/docs/organizations/images/cve-discovery-3.png b/docs/organizations/images/cve-discovery-3.png new file mode 100644 index 00000000000..5ea2476ed5e Binary files /dev/null and b/docs/organizations/images/cve-discovery-3.png differ diff --git a/docs/organizations/images/cve-discovery-4.png b/docs/organizations/images/cve-discovery-4.png new file mode 100644 index 00000000000..abeb6bd070a Binary files /dev/null and b/docs/organizations/images/cve-discovery-4.png differ
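Review bot: In the steps list, the added line "+1. To start using this feature:" turns the introductory sentence into a list item, so it renders as the first numbered step ahead of "Go to **Hacktivity**". Keep the lead-in as a plain paragraph ("To start using this feature:") and number only the four actions. The switch from explicit 2./3./4. to repeated "1." is fine on its own, since Markdown renumbers ordered lists.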
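Review bot: In the Prioritize Threats paragraph, the rewritten sentence says the inputs determine "a hacker's H1 Rank", but the unchanged sentence just above introduces "the H1 Rank for CVEs" and the removed wording described a rank for the vulnerability, not for a person. The following sentence, "It is calculated by aggregating the scores of its related submissions", also loses its antecedent after the rewrite. Suggest keeping the CVE as the subject, for example "to determine a CVE's H1 Rank", so that "It" and "its related submissions" still refer to the rank and the CVE.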
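Review bot: In the new "EPSS in Hacktivity" section, the text says an EPSS score "estimates the probability" of exploitation attempts in the next 30 days but never tells the reader how the value is displayed on the CVE Discovery page or how it relates to the H1 Rank and CVSS rating mentioned in the last paragraph. Add one sentence on how to read the score in the table and how it is meant to be combined with H1 Rank when prioritizing. Phrases such as "a new industry standard", "are now directly integrated" and "gain a competitive edge" will date quickly or read as marketing in reference docs, and "inform us" leaves it unclear who "us" is; consider plain wording addressed to the reader.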