CVE reports contain CVSS scores to rate the severity of the bugs reported. However, some CVEs receive high ratings due to the severity of the compromise but are very difficult to exploit. While others receive medium scores but maybe heavily exploited by threat actors. Flashpoint tracks CVE discussions by actors on illicit sites to find out which ones are being discussed. These metrics can help decide whether a CVE needs a priority patch, or whether it can wait until the next maintenance cycle.
Use CVE mentions from illicit communities including forums and chat services to more accurately determine the risk CVEs pose to your organization
Updated for Xanadu
Requirements:
Flashpoint Ignite Account and Ignite API Key
ServiceNow Vulnerability Response