VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs. Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories.The tool, from cyberthreat intelligence provider VulnCheck, is aimed at helping vulnerability researchers and security teams prioritize vulnerabilities based on the availability and criticality of new exploits that have been made public.“There is a significant gap in exploit databases available today for modern security teams,” said Anthony Bettini, CEO and founder of VulnCheck. “That’s why we’re excited to launch XDB. This complementary tool will be instrumental in helping researchers, offensive teams and detection engineers solve the vulnerability prioritization challenge and bolster security.”VulnCheck XDB is an open, license-less service and is available to users at launch. It sources information from Git providers like GitHub, GitLab, and Gitee. Legacy exploit databases are slow, lack detailsA major shortcoming of legacy databases is the “single file” model they are designed on, according to Bettini. Exploits these days are often projects with variety of functionalities, spanning multiple files like configuration files and command line interface files.“These multifile projects often appear on git repositories (like GitHub), and legacy databases don’t support multiple files,” Bettini said. “Usually, when multiple files are involved, other exploit databases don’t include it or fold all the files into a single ZIP file, making them unreadable on the websites.” Another drawback to legacy databases is that they are people curated exploit databases and are extremely slow to be relied on, Bettini said. VulnCheck, on the other hand, is offering an autonomous software system for tracking exploit and proof of concept code in real time.“A problem with vulnerability databases today is that we only get basic information about the severity of the vulnerability (CVS scores) and effected version details,” said Edouard Viot, vice president of product at GitGuardian, a provider of code security software. “A working exploit can inform a business about the risk of their own infrastructure, or testing the efficiency of an existing security control.”VulnCheck XDB features CVE indexingXDB will be hosted as an autotracking, complementary tool on VulnCheck’s website and will feature the option to search by common vulnerabilities and exploits (CVE) IDs for discovering vulnerabilities with written exploits.The fact that it’s well-linked to CVE-ID will be more interesting for organizations that have CVE alerts and want to assess their real risk, according to Viot.“Application makers only write 10% of their code, 90% of their attack surfaces are the framework that they use. These frameworks use sub-libraries with, on average, three vulnerabilities per year. So, an application maker has a lot of CVE to manage on their own application because of the dependencies. Having access to the exploitation code could help to do what we call an ‘impact analysis’,” Viot said.There are other automatically updated programs designed to allow security professionals to check on new exploits, including from cybersecuirty comnpany Exploit DB — but VulnCheck also claims to cover exploits written in other countries or hosted on foreign sites, like Gitee. “At this time, we’re unaware of any other exploit database making any attempt to track exploits written in foreign countries like China,” Bettini said. Related content news Amazon debuts biometric security device, updates Detective and GuardDuty Amazon’s latest security offerings, announced at its re:Invent conference, cover everything from advanced biometrics to new tools for defeating runtime and cloud threats, including identity and access management (IAM) capabilities. By Jon Gold Nov 29, 2023 3 mins Biometrics Security Monitoring Software Threat and Vulnerability Management news Almost all developers are using AI despite security concerns, survey suggests About 96% of developers are using AI tools and nearly eight out of 10 coders are bypassing security policies to use them, while placing unfounded trust into AI’s competence and security, according to the report by Snyk. By John Mello Jr. Nov 29, 2023 4 mins Development Tools Security Practices Supply Chain news FBI probes Pennsylvanian water utility hack by pro-Iran group Federal and state investigations are underway for the recent pro-Iran hack into a Pennsylvania-based water utility targeting Israel-made equipment. By Shweta Sharma Nov 29, 2023 4 mins Cyberattacks Utilities Industry feature 3 ways to fix old, unsafe code that lingers from open-source and legacy programs Code vulnerability is not only a risk of open-source code, with many legacy systems still in use — whether out of necessity or lack of visibility — the truth is that cybersecurity teams will inevitably need to address the problem. By Maria Korolov Nov 29, 2023 9 mins Security Practices Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe