Software and issues standardization establishes a solid baseline for weakness prevention and common attack patterns.
It will guide the application development life cycle to take the appropriate action to mitigate vulnerabilities and associated risk.
Draw a Complete Overview of the Attack Vectors !
The vFeed solution relies solely on Industry Standards Identifiers such as CVE, CPE, CWE, CAPEC, ATT&CK and OVAL to allow researchers and users to cross-link data with different vulnerability databases and third-party references.
Each vulnerability in the database will contain a CVE Identifier alongside other attributes collected and aggregated to offer more accuracy and extensibility. The CVE, CPE, CWE, CAPEC, ATT&CK and OVAL identifiers will be displayed within the vFeed vulnerability indicators.
vFeed is compatible with all CVE initiative requirements and thus to ensure the common lexicons for the vulnerability namespace are adequately and accurately matched by our customers.
vFeed is fully compatible with the CAPEC to enumerate the mitigations and workarounds and to help customers to prioritize their patching process according to the attack patterns.
vFeed ensures the CWE compatibility to provide our code analysis customers the relevant language to describe their vulnerabilities and issues in order to maintain an efficient code quality management.
vFeed has the ability to import OVAL Definitions and extract the relevant vulnerabilities, patches, and compliance mappings to continuously provide customers with efficient way to enforce their configuration policies.
CPE provides standardized, consistent names for referring to operating systems, hardware, and applications. vFeed is fully aligned with CPE naming version 2.2 and 2.3. The standard will help customers to efficiently match the related vulnerabilities with their assets.
vFeed introduces a unique approach to validate customers' controls against vulnerabilities mapped with the ATT&CK. Therefore our solution is a leverage for a wide-ranging analysis to connect mitigations, weaknesses, adversaries with patches, exploits & threats data.