Go back

VulnCheck Adds Common Platform Enumeration (CPE) Data to its NVD++ Service to Improve Vulnerability Prioritization

Anthony Bettini

LEXINGTON, MA -- VulnCheck, the exploit intelligence company, today announced it is enhancing its Community Tier service, (NVD++)https://vulncheck.com/nvd2, with Common Platform Enumeration (CPE) data currently missing from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). By enriching NVD++ with CPE data, VulnCheck is helping solve an industry-wide issue, enabling defenders to identify vulnerable assets for newly published Common Vulnerabilities and Exposures (CVEs) in the NVD.

CPE data plays a crucial role in vulnerability management by providing a standardized method for identifying and documenting software applications, operating systems, and hardware components. VulnCheck’s initial release of CPE enrichment in NVD++ will close the gap by close to half of the current CVEs missing critical CPE data, starting with the majority of the highest prevalence vendors and products where vulnerability management teams lack the data to measure local exposure.

The source data VulnCheck used to produce “known vulnerable configurations” containing CPEs in NVD++ is the same used by NIST. VulnCheck’s research team is investigating additional sources and prioritizing accuracy over quick coverage to expand CPE correlation in the coming weeks.

Mapping software components to existing and new vulnerabilities is paramount for every cybersecurity company, product, and practitioner. “Many platforms and workflows globally rely on the existence of Common Platform Enumeration (CPE) records for every published vulnerability to determine which software and software versions are affected. It is great to see VulnCheck supporting the broader cybersecurity community by addressing the information gap, which helps continue vulnerability mapping for the industry.

Dmitry Raidman
CTO at Cybeats

Adding the missing CPE data to NVD++ enables teams to correlate OS / software packages, applications, devices and other assets with vulnerabilities to measure their exposure and prioritize response. The enhanced Community tier service provides practitioners with a stable alternative to the NVD that operates at the speed of business.

The NIST NVD is a best-effort tool from the government and a foundation for vulnerability management. However, given ongoing reliability issues, we’re taking another step toward solving important challenges for our Community tier members. With CPE data, VulnCheck NVD++ now offers the missing link between vulnerabilities and impacted systems.

Anthony Bettini
Founder and CEO at VulnCheck

VulnCheck first (unveiled NVD++)https://vulncheck.com/press/vulncheck-nvd on March 13, 2024. The Community tier service provides members with a reliable, high-performance source of NVD 2.0 and 1.0 CVE data via API or downloadable JSON files.

To access the solution and for more information on VulnCheck's Community tier offerings, visit https://vulncheck.com/community.

About VulnCheck

VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn, Mastodon, or Twitter.