Aggregators of actively discussed vulnerabilities. Alexander Redchits updated his list of services that highlight TOP CVE vulnerabilities and uploaded it with descriptions to teletype (in Russian). Now there are 11 of them:
1. Intruder’s Top CVE Trends & Expert Vulnerability Insights
2. Cytidel Top Trending
3. CVE Crowd
4. Feedly Trending Vulnerabilities
5. CVEShield
6. CVE Radar
7. Vulners “Discussed in social networks”
8. Vulmon Vulnerability Trends
9. SecurityVulnerability Trends
10. CVESky
11. Vulnerability-lookup
It’s great that there are so many of them! 👍 But for the most part, these services are NOT about real attacks and exploitability, but about the desire of the information security community to discuss some vulnerabilities. What is being discussed may not always be important to you.
And the attention span of the information security community is like that of a goldfish: they analyze a vulnerability/incident, demonstrate their expertise and immediately forget about it. 🤷♂️😏
It’s fascinating to look at these selections of CVE vulnerabilities, but using these lists to prioritize vulnerabilities in the VM process is a bad idea. It’s better to focus on the trending vulnerability lists provided by Positive Technologies. 😉😇