Skip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Tesorion develops Vulnerability Explorer for Incident Response Teams

By 13 October 2022 November 4th, 2022 News

Software assigns priority to probability of exploitation of vulnerabilities

Leusden, 13 October 2022 – Tesorion, the largest, 100 percent Dutch, independent cyber security service provider, has developed software for Incident Response Teams. This software not only helps Incident Response Teams identify vulnerabilities in applications but also indicates the probability of being exploited by cyber criminals. The Tesorion Vulnerability Explorer bundles the public information available from the NVD CVE database, the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS). Tesorion Vulnerability Explorer is open source and can be downloaded at Github. The software is a proof-of-concept and in development, but can already be used.

The working of the Tesorion Vulnerability Explorer

The Tesorion Computer Emergency Response Team (T-CERT) developed the Tesorion Vulnerability Explorer to fully utilize the relatively new EPSS framework. CVSS is a powerful and standardized way to determine the potential impact of a vulnerability, but not the chance of a vulnerability being exploited. The probability score is subsequently expressed in a rational number between 0 and 1. The higher the score, the greater the chance that a vulnerability will be exploited.

By correlating public information, possibly-exploited vulnerabilities can be identified during an Incident Response action. The power of the software is the filter which makes it possible to determine which vulnerabilities are the most probable to be exploited for a certain released application and software version. A trend line shows the development of the chance of exploitation.

Lodi Hensen, Head of Incident Response & Threat Intelligence at Tesorion: “This is the second tool we are giving back to the community. Earlier this year we developed and shared the Cumulonimbus-UAL_Extractor. Using this, Incident Response Teams can take relevant data from the Microsoft 365 environment in order to research it in their own environment. The idea for the Tesorion Vulnerability Explorer came to life during an Incident Response case. We ran into the problem of not knowing how likely it was for a vulnerability to actually be exploited. For this reason, one of our experts got to work with developing the software based on the EPSS framework, to be able to work more efficiently. Following that our expert talked to the creators of the EPSS to confirm whether our interpretation and idea for the Tesorion Vulnerability Explorer are correct. It is nice to now not only rely on our operational experience but also be able to fall back on substantiation on the basis of data. When dealing with cyber security incidents, time is a key factor in preventing or minimizing any damages. The quicker we are able to make a good estimate, the more adequately we can help the customer.”

The Tesorion Vulnerability Explorer can be downloaded for free at Github.