Classification: Exploit Status Overhaul

Posted by jericho Fri, 23 Oct 2009 00:52:00 GMT

OSVDB's classification system is designed to categorize certain attributes of a vulnerability. This facilitates custom searches by a specific attribute, helps researchers develop metrics and gives a better picture of the vulnerability landscape. Until now, we've tracked if an exploit is 'available', 'unavailable', 'rumored / private' or 'unknown'. While this was a good start for exploit status, it has quickly outgrown usefulness. Today, OSVDB overhauled the exploit classification to use the following:
  • exploit public - A working exploit is publicly available.
  • exploit rumored - An exploit is rumored to exist, but cannot be confirmed.
  • exploit private - An exploit exists, but is not available to the public or in a commercial framework (e.g., vulnerability pre-disclosure groups like iDefense or ZDI, researcher developed but unreleased).
  • exploit commercial - An exploit has been created and is available to customers in a commercial framework such as Canvas or CORE Impact.
  • exploit unknown - The status of a working exploit is unknown.
In addition, we are moving one existing classification to the 'exploit' column since it is relevant to this category:
  • exploit wormified - An exploit has been crafted to spread via 'worm' or 'virus'.
As always, if you have suggestions or questions about the classification system, please mail moderators[at]osvdb.org!

Posted in  | Tags ,  | 1 comment

Comments

Leave a response

  1. cqb said about 1 hour later:

    are you going to be updating cvss v2 scores based on the exploit status?

RSS feed for this post

(leave url/email »)

   Comment Markup Help Preview comment