Tool recommendation: opencve.io

These days, lots of new security vulnerabilities come up every day, and it is difficult to follow them all and to filter out the relevant ones that affect products you use in your organization.

That’s why I would like to recommend a tool that makes this process easier (I’m not associated with it). It’s called OpenCVE and you can find it at https://www.opencve.io.

It shows you all existing and upcoming vulnerabilities. You can set filters for the products you use in your organization and therefore only see the issues relevant to you. It even informs you by e-mail when new vulnerabilities (according to your filters) come up. This means you can start protecting your network against the new vulnerability immediately, rather than only when you read about it in the news some days later.

It’s open source, which means that you can host it yourself. There’s also a hosted version, but please keep in mind that if somebody one day manages to hack its database, this person then also knows which products you use, based on the filters set on your user account, and might therefore find it easier to attack you in a second step. So it might be better to run the tool on your own servers behind a firewall.

Another thing to keep in mind is that the filters you set only work as well as the descriptions in the CVE entry details allow. So if the person reporting a CVE makes a typo in the product name, you might miss it, as the filter you set doesn’t “see” it. So it’s good to review your filters from time to time.
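
To illustrate the typo problem, here is a small added example (not part of OpenCVE and not its code) that lists the entries an exact product-name filter skips even though the name is only a small edit away from a watched product. It assumes a simplified filter that compares product names as exact strings; the watchlist, the feed entries and their ids are constructed.

```python
import difflib

# Constructed watchlist and feed entries; the ids are placeholders, not real CVEs.
WATCHLIST = ["openssl", "nginx", "postgresql"]
FEED = [
    {"id": "EXAMPLE-0001", "product": "openssl"},
    {"id": "EXAMPLE-0002", "product": "opensssl"},     # extra letter
    {"id": "EXAMPLE-0003", "product": "ngnix"},        # transposed letters
    {"id": "EXAMPLE-0004", "product": "wordpress"},    # unrelated product
    {"id": "EXAMPLE-0005", "product": "PostgreSQL "},  # case and trailing space
]


def exact_matches(feed, watchlist):
    """Ids an exact-string filter would report."""
    watched = set(watchlist)
    return [entry["id"] for entry in feed if entry["product"] in watched]


def near_misses(feed, watchlist, cutoff=0.75):
    """Entries the exact filter skips although the name is close to a watched one.

    Returns (id, name as written, closest watched name) tuples for manual review.
    """
    watched = set(watchlist)
    found = []
    for entry in feed:
        written = entry["product"]
        if written in watched:
            continue  # already covered by the exact filter
        normalized = " ".join(written.lower().split())
        close = difflib.get_close_matches(normalized, watchlist, n=1, cutoff=cutoff)
        if close:
            found.append((entry["id"], written, close[0]))
    return found


if __name__ == "__main__":
    print("exact filter reports:", exact_matches(FEED, WATCHLIST))
    for entry_id, written, watched_name in near_misses(FEED, WATCHLIST):
        print(f"review {entry_id}: {written!r} looks like {watched_name!r}")
```

Anything this flags still needs a human look, since a similar name can also belong to a different product.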

I hope my recommendation is of help to you. If you have any questions, feel free to ask.