Bit Sentinel, a leading cyber security company based in Romania - EU, has developed and currently provides CVE Monitor - a free early warning service for organisations worldwide that inform them of upcoming threats and trends in cyber security. The goal is to reveal and prioritise all new vulnerabilities that appear every day and could be camouflaged in their networks.
As cyber-attack vectors become increasingly complex, it is vital for organisations to detect any suspicious activity as soon as possible in the attack chain and respond to it accordingly.
The CVE Monitor is an early warning service for cyber security threats.
CVE Monitor aggregates and processes social media threat intelligence feeds and other trusted public, commercial and closed sources, combined with a proprietary system based on Machine Learning & Artificial Intelligence algorithms to predict a vulnerability's severity from low to critical.
The CVE Monitor Early Warning System complements your existing threat intelligence products and should not be used in isolation.
The CVE Monitor is a free of charge service that any organisation - small, medium or big, active in any industry - can use.
How? By clicking the Subscription button, you'll get timely alerts on trending vulnerabilities that could affect your business and valuable data regarding the evolution of their severity level based on the industry markers.
By subscribing to CVE Monitor Advisories, we will deliver to you daily bulletins based on four metrics:
Trend Score is a proprietary algorithm computed based on social media trends (tweets, retweets, likes, replies, hashtags, keywords, links, references).
CVSS2 Predicted Score is a proprietary algorithm that uses NLP, Machine Learning and Artificial Intelligence algorithms to predict the Common Vulnerability Scoring System - CVSS v2 and Common Weakness Enumeration - CWE with high accuracy
Drop us a line at cve-monitor [at] bit-sentinel [dot] com.
Our work describing the process of predicting CVSS and CWE was released in the paper "Predictive Model for Software Vulnerability Management in Telecommunication Infrastructures"”" at 2021 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom). More details here.
According to the National Vulnerability Database (NVD), which is the U.S. government repository of standards-based vulnerability management data, the Common Vulnerabilities and Exposures (CVE) Program aims:
The Common Vulnerability Scoring System (CVSS) provides a way to capture the main characteristics of vulnerabilities and produce a numerical score reflecting their severity.
The numerical score can be any value from 0 to 10. Furthermore, it can then be translated into a qualitative representation (low, medium, high, and critical) to help organisations properly assess and prioritise their vulnerability management processes.
There are two popular CVSS algorithms used by the cyber security community: CVSS2 and CVSS3. CVSS3 became popular after 2019.
In the CVE Monitor, we decided to follow CVSS2 as our primary benchmark because of the more significant number of vulnerabilities classified using this method.
According to MITRE, CWE or Common Weakness Enumeration (CWE™) is a community-developed list of standard software and hardware weakness types that have security ramifications.
Weaknesses are flaws, faults, bugs, or other errors in software or hardware implementation, code, design, or architecture that, if left unaddressed, could result in systems, networks, or hardware being vulnerable to attack.
The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
In the CVE Monitor, CWE is important because it allows us to translate complex descriptions and advisories reported by the security community into a more straightforward data type that can be used in computer processing.