
CVE (Common Vulnerabilities and Exposures) Analysis
Review code and applications in use for any publicly disclosed computer security flaws.
Like the newer practices of DevOps, DevSecOps, BizOps, etc., this review is another way to embed a security review into the development process. Rather than leaving CVEs as the sole domain of a security professional or team, automating this review brings the information and the need for remediation to attention at once.
Results are provided in reports and dashboards and can be integrated with other tools.
This implementation is available through integration via SCAP (Security Content Automation Protocol) with NVD (National Vulnerability Database) and the CVE® Program.
As the current format of CVE lists will no longer be supported as of Summer 2022, the extended information contained in the CVE JSON 5.0 format will be included as it becomes available.
NOTE: eruditeMETA will be participating in the NIST NVD release of the CVMAP (Collaborative Vulnerability Metadata Acceptance Process) Program as it relates to this feature and in accordance with Executive Order 14028: Improving the Nation's Cybersecurity, Sec. 2: Removing Barriers to Sharing Threat Information.
A comprehensive CVE assessment is not possible without an SCA. The output of the SCA is one of the inputs to a licensing review.