Published on December 26th, 2020 | by NJ Ouchn0
vFeed, Inc. Introduces Vulnerability Common Patch Format Feature
New Feature !
Vulnerability Common Patch Format
vFeed Vulnerability Intelligence Service was created to provide correlation of a wide range of information datasets and aligning them with common vulnerabilities. Thus customers will have a complete database which can be used to retrieve the metrics and indicators they want to use to enrich their solution.
However, due to new challenges, we have decided to take a final step by introducing a new feature: Common Patch Format. Although our company and for liability reasons shall not be recognized as a “patch provider”, we have nevertheless done a lot of groundwork to review our roadmap and add this major feature.
For this first version of the Common Patch Format, we have implemented the vulnerable packages issued by Ubuntu. We will be adding gradually, current January 2021, the support to other vendors like Debian, Redhat, Fedora, IBM, Microsoft, Suse (OpenSuse), Gentoo and more.
Our customers will be happy to discover new set of data related to patching & hotfixing packages. As soon as the information is made public by the vendors, our correlation engines will align the vulnerabilities with the list of packages, products, affected and unaffected versions and their release date.
Our Customer Whitepaper Highlight
CloudDefense Making Shift Left Easier
Cloud Defense AI was founded by the desire to solve a problem. Securing applications is hard enough already, and even more so when having to stitch together a stack of up to 8 tools. CloudDefense solution to secure your entire application – SCA, SAST, DAST, API, Licenses, and Secrets Scanning. We want to make Shift Left easier for all organizations
In this technical paper CloudDefense explores the unique challenges of the changing security landscape and explore how the solution can help your team save money, avoid risk and build a better and safer product.
CloudDefense’s agent integrates into the continuous integration or build system of your choice and actively analyzes the security health of the application through various security analysis. CloudDefense’s vulnerability database is backed by the vFeed vulnerability intelligence service, which is one of the industry’s top vulnerability databases.
Support to Fedora Datasource
Fedora is a Linux distribution developed by the community-supported Fedora Project which is sponsored primarily by Red Hat, a subsidiary of IBM, with additional support from other companies.Fedora contains software distributed under various free and open-source licenses and aims to be on the leading edge of free technologies.Fedora is the upstream source of the commercial Red Hat Enterprise Linux distribution, and subsequently CentOS as well.
Whenever vFeed engines correlates data from Fedora, it will be reflected as key “Fedora” in the “Defense / Preventive” section.
Updated CAPEC / CWE
Updated ATT&CK v8.1
The MITRE ATT&CK’s Adversarial Tactics, Techniques, and Common Knowldge is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as excepted.
With this major version 8.1, vFeed is now supporting the newest additions and the latest structure.
All the updates are detailed in the changelog alongside the latest vFeed python API version 1.1.0. Get the latest update from our official Github repository