As announced in our December 2020 Newsletter, we have introduced a great new feature, “Vulnerability Common Patch Format – VCPF”. Instead of reporting links to bulletins, we have extended our engines to enumerate the “vulnerable packages” and “vulnerable versions” affected by vulnerabilities. For its first release, we implemented support for the “Ubuntu” dataset.
Great news: today we have reinforced this feature by extending the scope of “vulnerable packages” to the “Redhat” and “Debian” datasets.
This enhancement requires customers using the SQLite version of the vFeed Vulnerability Intelligence Database to update the Python API to version 1.1.0. See below for more details.
Finally, we delved into the tons of vulnerability intelligence data we have accumulated over the years and released the “Top 10 Most Exploited Vulnerabilities in 2020”. Our list has been re-used by many security experts and dedicated cyber magazines such as “HelpNetSecurity”.
Here is the great article about the Top Exploited Vulnerabilities published by HelpNetSecurity.
Enhancement: Redhat and Debian added to VCPF
We have decided to take a final step by introducing a new feature: Common Patch Format. Although, for liability reasons, our company shall not be recognized as a “patch provider”, we have nevertheless done a lot of groundwork to review our roadmap and add this major feature.
As of today, the “Vulnerability Common Patch Format” supports 3 major datasets: Ubuntu, Redhat and Debian.
We are working hard to make it more consistent and solid by gradually enlarging the scope to other vendors such as Fedora, IBM, Microsoft, Suse (OpenSuse), Gentoo and more.
As soon as the information is made public by the vendors, our correlation engines will align the vulnerabilities with the list of packages, products, affected and unaffected versions and their release date.
This enhancement requires customers using the SQLite version of the vFeed Vulnerability Intelligence Database to update the Python API to version 1.1.0.
You need to complete this task if you use the “export” library to generate vulnerability JSON files, since we have updated the API to reflect the latest feature, “Vulnerability Common Patch Format”.
Customers who use our private vulnerability JSON repository directly do not need to complete this task. However, a new JSON schema v1.2 has been released if needed.
All the updates are detailed in the changelog alongside the latest vFeed Python API version 1.1.0. Get the latest update from our official Github repository.