About

Welcome to CVE Monitor!

Bit Sentinel, a leading cyber security company based in Romania - EU, has developed and currently provides CVE Monitor - a free early warning service for organisations worldwide that inform them of upcoming threats and trends in cyber security. The goal is to reveal and prioritise all new vulnerabilities that appear every day and could be camouflaged in their networks.

General Information

What is the CVE Monitor Service?

As cyber-attack vectors become increasingly complex, it is vital for organisations to detect any suspicious activity as soon as possible in the attack chain and respond to it accordingly.

The CVE Monitor is an early warning service for cyber security threats.

CVE Monitor aggregates and processes social media threat intelligence feeds and other trusted public, commercial and closed sources, combined with a proprietary system based on Machine Learning & Artificial Intelligence algorithms to predict a vulnerability's severity from low to critical.

The CVE Monitor Early Warning System complements your existing threat intelligence products and should not be used in isolation.

The CVE Monitor is a free of charge service that any organisation - small, medium or big, active in any industry - can use.

How? By clicking the Subscription button, you'll get timely alerts on trending vulnerabilities that could affect your business and valuable data regarding the evolution of their severity level based on the industry markers.

  1. Be the first to know what's trending and use that to your advantage: you'll have more time to identify and fix potential vulnerabilities affecting your networks and systems before they start producing damage.
  2. Monitor predicted severity scores and use this information to fine-tune your defences, apply security patches or closely supervise the affected services. Sometimes, you will receive heads-up for up to 4 weeks before the community releases an official advisory.
  3. Improve your threat intelligence capabilities: improve your organisation's cyber security strategies.

By subscribing to CVE Monitor Advisories, we will deliver to you daily bulletins based on four metrics:

  • Trend Score is a proprietary algorithm computed based on social media trends (tweets, retweets, likes, replies, hashtags, keywords, links, references).

    • This Advisory will prioritise vulnerabilities based on their popularity on Social Media.
    • You will learn almost immediately about new trends and vulnerabilities that for different reasons became popular overnight, for example:
      • the impact of the vulnerability is critical
      • a proof of concept was released
      • the vulnerability is already exploited in the wild

  • CVSS2 Predicted Score is a proprietary algorithm that uses NLP, Machine Learning and Artificial Intelligence algorithms to predict the Common Vulnerability Scoring System - CVSS v2 and Common Weakness Enumeration - CWE with high accuracy

    • This Advisory is essential for any early-warning system because it can predict up to 4 weeks in advance the severity scores of newly released vulnerabilities, allowing responders to prioritise responses and resources according to threats
  • Official CVSS2 and CVSS3 Scores - these are metrics provided by the National Vulnerability Database and are based on a complex process that involves the verification of the vulnerability, threat classification and other collaboration activities with the industry.

Technical Information

Yes.

Drop us a line at cve-monitor [at] bit-sentinel [dot] com.

Our work describing the process of predicting CVSS and CWE was released in the paper "Predictive Model for Software Vulnerability Management in Telecommunication Infrastructures"”" at 2021 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom). More details here.

According to the National Vulnerability Database (NVD), which is the U.S. government repository of standards-based vulnerability management data, the Common Vulnerabilities and Exposures (CVE) Program aims:

  • To identify vulnerabilities,
  • To associate specific versions of codebases (e.g. software and shared libraries) to those vulnerabilities, and
  • The use of CVEs identifiers ensures that two or more parties can confidently refer to a CVE identifier (ID) when discussing or sharing information about a unique vulnerability.

For detailed information regarding CVE please refer to https://cve.mitre.org/ or the CNA CVE Counting rules at https://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf.

The Common Vulnerability Scoring System (CVSS) provides a way to capture the main characteristics of vulnerabilities and produce a numerical score reflecting their severity.

The numerical score can be any value from 0 to 10. Furthermore, it can then be translated into a qualitative representation (low, medium, high, and critical) to help organisations properly assess and prioritise their vulnerability management processes.

There are two popular CVSS algorithms used by the cyber security community: CVSS2 and CVSS3. CVSS3 became popular after 2019.

In the CVE Monitor, we decided to follow CVSS2 as our primary benchmark because of the more significant number of vulnerabilities classified using this method.

According to MITRE, CWE or Common Weakness Enumeration (CWE™) is a community-developed list of standard software and hardware weakness types that have security ramifications.

Weaknesses are flaws, faults, bugs, or other errors in software or hardware implementation, code, design, or architecture that, if left unaddressed, could result in systems, networks, or hardware being vulnerable to attack.

The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.

In the CVE Monitor, CWE is important because it allows us to translate complex descriptions and advisories reported by the security community into a more straightforward data type that can be used in computer processing.