Finding Published Vulnerabilities

So now we have a list of the third-party libraries, networked services, and operating systems in use on our network. Wherever possible, we also have version numbers. This list might not be complete, and might never be complete, but it’s still useful. Now we need to see what vulnerabilities have been published for this software.

Searching for vulnerabilities is manual

Searching for vulnerabilities is a manual effort. There isn’t a lot of consistency in how vulnerabilities are reported, and there isn’t a single centralized location for all ...