Software assigns priority to probability of exploitation of vulnerabilities
Leusden, 13 October 2022 – Tesorion, the largest, 100 percent Dutch, independent cyber security service provider, has developed software for Incident Response Teams. This software not only helps Incident Response Teams identify vulnerabilities in applications but also indicates the probability of being exploited by cyber criminals. The Tesorion Vulnerability Explorer bundles the public information available from the NVD CVE database, the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS). Tesorion Vulnerability Explorer is open source and can be downloaded at Github. The software is a proof-of-concept and in development, but can already be used.
The working of the Tesorion Vulnerability Explorer
The Tesorion Computer Emergency Response Team (T-CERT) developed the Tesorion Vulnerability Explorer to fully utilize the relatively new EPSS framework. CVSS is a powerful and standardized way to determine the potential impact of a vulnerability, but not the chance of a vulnerability being exploited. The probability score is subsequently expressed in a rational number between 0 and 1. The higher the score, the greater the chance that a vulnerability will be exploited.
By correlating public information, possibly-exploited vulnerabilities can be identified during an Incident Response action. The power of the software is the filter which makes it possible to determine which vulnerabilities are the most probable to be exploited for a certain released application and software version. A trend line shows the development of the chance of exploitation.
Lodi Hensen, Head of Incident Response & Threat Intelligence at Tesorion: “This is the second tool we are giving back to the community. Earlier this year we developed and shared the Cumulonimbus-UAL_Extractor. Using this, Incident Response Teams can take relevant data from the Microsoft 365 environment in order to research it in their own environment. The idea for the Tesorion Vulnerability Explorer came to life during an Incident Response case. We ran into the problem of not knowing how likely it was for a vulnerability to actually be exploited. For this reason, one of our experts got to work with developing the software based on the EPSS framework, to be able to work more efficiently. Following that our expert talked to the creators of the EPSS to confirm whether our interpretation and idea for the Tesorion Vulnerability Explorer are correct. It is nice to now not only rely on our operational experience but also be able to fall back on substantiation on the basis of data. When dealing with cyber security incidents, time is a key factor in preventing or minimizing any damages. The quicker we are able to make a good estimate, the more adequately we can help the customer.”
The Tesorion Vulnerability Explorer can be downloaded for free at Github.