Commit 5bb10a0

committed
Deployed a42f4a2 with MkDocs version: 1.5.3
1 parent 4e96093 commit 5bb10a0

6 files changed

Lines changed: 46 additions & 52 deletions

File tree

assets/images/cve_venn.png

201 KB

print_page/index.html

Lines changed: 3 additions & 6 deletions
@@ -2610,19 +2610,16 @@ <h2 id="risk-understanding_risk-zero-days">Zero Days<a class="headerlink" href="
26102610
</div>
26112611
<h2 id="risk-data_sources-population-sizes">Population Sizes<a class="headerlink" href="#risk-data_sources-population-sizes" title="Permanent link">&para;</a></h2>
26122612
<figure>
2613-
<p><img alt="Exploitation Venn Diagram" src="../assets/images/cve_exploit_venn.png" width="700" /></p>
2614-
<figcaption>Population Sizes associated with the Risk Remediation Taxonomy - Likelihood of Exploit branch</figcaption>
2613+
<p><img alt="Exploitation Venn Diagram" src="../assets/images/cve_venn.png" width="700" /></p>
2614+
<figcaption>Population Sizes associated with the Risk Remediation Taxonomy - Likelihood of Exploit branch. <br>Representative sizes and overlaps shown as there isn't authoritative exact data.</figcaption>
26152615
</figure>
2616-
<p>TODO update venn with latest data - and add weaponized exploits</p>
26172616
<ol>
2618-
<li>~~50% (~~100K) of all CVEs (~200K) have known exploits available (based on a commercial <abbr title="CTI Cyber Threat Intelligence.">CTI</abbr> product used by the author)</li>
2617+
<li>~~50% (~~100K) of all CVEs (~200K) have known exploits Proof Of Concepts available (based on a commercial <abbr title="CTI Cyber Threat Intelligence.">CTI</abbr> product used by the author)</li>
26192618
<li>~~5% (~10K) of all CVEs are actively exploited <ol>
26202619
<li><strong>There isn't a single complete authoritative source for these CVEs</strong></li>
26212620
</ol>
26222621
</li>
2623-
<li>~~10% of CVEs with Known Exploits Available (KEA) are known exploited</li>
26242622
<li>~~0.5% (~1K) of all CVEs (~200K) are in <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerability </li>
2625-
<li>~~5% (50) of all <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr> CVEs (~1K) are not listed in Vendor DBs</li>
26262623
</ol>
26272624
<div class="admonition note">
26282625
<p class="admonition-title">CVEs represent a subset of all vulnerabilities. Your organization will have a subset of these CVEs</p>
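
Review bot: The added wording in the first list item, "have known exploits Proof Of Concepts available", does not parse: two noun phrases are run together. If the intent is to narrow the claim from exploits to proof-of-concept code, write something like "have known Proof of Concept exploits available", and make the fix in the Markdown source, since this file is generated MkDocs output. The same hunk deletes the "~~10% of CVEs with Known Exploits Available (KEA) are known exploited" and "~~5% (50) of all CISA KEV CVEs (~1K) are not listed in Vendor DBs" items without replacement text; the new caption says sizes are representative, so it would help to state in the list itself why those two figures were dropped.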

risk/Data_Sources/index.html

Lines changed: 3 additions & 6 deletions
@@ -1505,19 +1505,16 @@ <h1 id="likelihood-of-exploit-populations">Likelihood of Exploit Populations<a c
15051505
</div>
15061506
<h2 id="population-sizes">Population Sizes<a class="headerlink" href="#population-sizes" title="Permanent link">&para;</a></h2>
15071507
<figure>
1508-
<p><img alt="Exploitation Venn Diagram" src="../../assets/images/cve_exploit_venn.png" width="700" /></p>
1509-
<figcaption>Population Sizes associated with the Risk Remediation Taxonomy - Likelihood of Exploit branch</figcaption>
1508+
<p><img alt="Exploitation Venn Diagram" src="../../assets/images/cve_venn.png" width="700" /></p>
1509+
<figcaption>Population Sizes associated with the Risk Remediation Taxonomy - Likelihood of Exploit branch. <br>Representative sizes and overlaps shown as there isn't authoritative exact data.</figcaption>
15101510
</figure>
1511-
<p>TODO update venn with latest data - and add weaponized exploits</p>
15121511
<ol>
1513-
<li>~~50% (~~100K) of all CVEs (~200K) have known exploits available (based on a commercial <abbr title="CTI Cyber Threat Intelligence.">CTI</abbr> product used by the author)</li>
1512+
<li>~~50% (~~100K) of all CVEs (~200K) have known exploits Proof Of Concepts available (based on a commercial <abbr title="CTI Cyber Threat Intelligence.">CTI</abbr> product used by the author)</li>
15141513
<li>~~5% (~10K) of all CVEs are actively exploited <ol>
15151514
<li><strong>There isn't a single complete authoritative source for these CVEs</strong></li>
15161515
</ol>
15171516
</li>
1518-
<li>~~10% of CVEs with Known Exploits Available (KEA) are known exploited</li>
15191517
<li>~~0.5% (~1K) of all CVEs (~200K) are in <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerability </li>
1520-
<li>~~5% (50) of all <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr> CVEs (~1K) are not listed in Vendor DBs</li>
15211518
</ol>
15221519
<div class="admonition note">
15231520
<p class="admonition-title">CVEs represent a subset of all vulnerabilities. Your organization will have a subset of these CVEs</p>
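
Review bot: The approximate markers in this list are inconsistent: the changed item keeps "~~50% (~~100K)" next to "(~200K)", and the following items use "~~5% (~10K)" and "~~0.5% (~1K)". The doubled tilde reaches the HTML as literal text, so readers see two different notations for the same idea; pick a single "~" (or the word "approximately") throughout. The new figcaption also embeds a bare `<br>` to separate the caveat from the title; a second sentence without the forced break, or a separate paragraph under the figure, would render more predictably in the print page.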

search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

sitemap.xml

Lines changed: 39 additions & 39 deletions
@@ -2,197 +2,197 @@
22
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
33
<url>
44
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/</loc>
5-
<lastmod>2024-03-08</lastmod>
5+
<lastmod>2024-03-09</lastmod>
66
<changefreq>daily</changefreq>
77
</url>
88
<url>
99
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/annex/Glossary/</loc>
10-
<lastmod>2024-03-08</lastmod>
10+
<lastmod>2024-03-09</lastmod>
1111
<changefreq>daily</changefreq>
1212
</url>
1313
<url>
1414
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cisa_kev/cisa_kev/</loc>
15-
<lastmod>2024-03-08</lastmod>
15+
<lastmod>2024-03-09</lastmod>
1616
<changefreq>daily</changefreq>
1717
</url>
1818
<url>
1919
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cvss/CVSS/</loc>
20-
<lastmod>2024-03-08</lastmod>
20+
<lastmod>2024-03-09</lastmod>
2121
<changefreq>daily</changefreq>
2222
</url>
2323
<url>
2424
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Applying_EPSS_to_your_environment/</loc>
25-
<lastmod>2024-03-08</lastmod>
25+
<lastmod>2024-03-09</lastmod>
2626
<changefreq>daily</changefreq>
2727
</url>
2828
<url>
2929
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_Thresholds/</loc>
30-
<lastmod>2024-03-08</lastmod>
30+
<lastmod>2024-03-09</lastmod>
3131
<changefreq>daily</changefreq>
3232
</url>
3333
<url>
3434
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_and_CISA_KEV/</loc>
35-
<lastmod>2024-03-08</lastmod>
35+
<lastmod>2024-03-09</lastmod>
3636
<changefreq>daily</changefreq>
3737
</url>
3838
<url>
3939
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Introduction_to_EPSS/</loc>
40-
<lastmod>2024-03-08</lastmod>
40+
<lastmod>2024-03-09</lastmod>
4141
<changefreq>daily</changefreq>
4242
</url>
4343
<url>
4444
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/What_users_ask_for/</loc>
45-
<lastmod>2024-03-08</lastmod>
45+
<lastmod>2024-03-09</lastmod>
4646
<changefreq>daily</changefreq>
4747
</url>
4848
<url>
4949
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/abbreviations/</loc>
50-
<lastmod>2024-03-08</lastmod>
50+
<lastmod>2024-03-09</lastmod>
5151
<changefreq>daily</changefreq>
5252
</url>
5353
<url>
5454
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/epss_threshold/</loc>
55-
<lastmod>2024-03-08</lastmod>
55+
<lastmod>2024-03-09</lastmod>
5656
<changefreq>daily</changefreq>
5757
</url>
5858
<url>
5959
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/plots_cvss_epss/</loc>
60-
<lastmod>2024-03-08</lastmod>
60+
<lastmod>2024-03-09</lastmod>
6161
<changefreq>daily</changefreq>
6262
</url>
6363
<url>
6464
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vendor_warning/</loc>
65-
<lastmod>2024-03-08</lastmod>
65+
<lastmod>2024-03-09</lastmod>
6666
<changefreq>daily</changefreq>
6767
</url>
6868
<url>
6969
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vulns_exploited/</loc>
70-
<lastmod>2024-03-08</lastmod>
70+
<lastmod>2024-03-09</lastmod>
7171
<changefreq>daily</changefreq>
7272
</url>
7373
<url>
7474
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Introduction/</loc>
75-
<lastmod>2024-03-08</lastmod>
75+
<lastmod>2024-03-09</lastmod>
7676
<changefreq>daily</changefreq>
7777
</url>
7878
<url>
7979
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Requirements/</loc>
80-
<lastmod>2024-03-08</lastmod>
80+
<lastmod>2024-03-09</lastmod>
8181
<changefreq>daily</changefreq>
8282
</url>
8383
<url>
8484
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Scope/</loc>
85-
<lastmod>2024-03-08</lastmod>
85+
<lastmod>2024-03-09</lastmod>
8686
<changefreq>daily</changefreq>
8787
</url>
8888
<url>
8989
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/code_and_data/</loc>
90-
<lastmod>2024-03-08</lastmod>
90+
<lastmod>2024-03-09</lastmod>
9191
<changefreq>daily</changefreq>
9292
</url>
9393
<url>
9494
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/contributors/</loc>
95-
<lastmod>2024-03-08</lastmod>
95+
<lastmod>2024-03-09</lastmod>
9696
<changefreq>daily</changefreq>
9797
</url>
9898
<url>
9999
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/foreword/</loc>
100-
<lastmod>2024-03-08</lastmod>
100+
<lastmod>2024-03-09</lastmod>
101101
<changefreq>daily</changefreq>
102102
</url>
103103
<url>
104104
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/Organization_requlated/</loc>
105-
<lastmod>2024-03-08</lastmod>
105+
<lastmod>2024-03-09</lastmod>
106106
<changefreq>daily</changefreq>
107107
</url>
108108
<url>
109109
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/Yahoo/</loc>
110-
<lastmod>2024-03-08</lastmod>
110+
<lastmod>2024-03-09</lastmod>
111111
<changefreq>daily</changefreq>
112112
</url>
113113
<url>
114114
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/acme/Applied/</loc>
115-
<lastmod>2024-03-08</lastmod>
115+
<lastmod>2024-03-09</lastmod>
116116
<changefreq>daily</changefreq>
117117
</url>
118118
<url>
119119
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/acme/EDA/</loc>
120-
<lastmod>2024-03-08</lastmod>
120+
<lastmod>2024-03-09</lastmod>
121121
<changefreq>daily</changefreq>
122122
</url>
123123
<url>
124124
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/requirements/Requirements/</loc>
125-
<lastmod>2024-03-08</lastmod>
125+
<lastmod>2024-03-09</lastmod>
126126
<changefreq>daily</changefreq>
127127
</url>
128128
<url>
129129
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Back_of_napkin/</loc>
130-
<lastmod>2024-03-08</lastmod>
130+
<lastmod>2024-03-09</lastmod>
131131
<changefreq>daily</changefreq>
132132
</url>
133133
<url>
134134
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Data_Sources/</loc>
135-
<lastmod>2024-03-08</lastmod>
135+
<lastmod>2024-03-09</lastmod>
136136
<changefreq>daily</changefreq>
137137
</url>
138138
<url>
139139
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Log4Shell/</loc>
140-
<lastmod>2024-03-08</lastmod>
140+
<lastmod>2024-03-09</lastmod>
141141
<changefreq>daily</changefreq>
142142
</url>
143143
<url>
144144
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Rbp_schemes/</loc>
145-
<lastmod>2024-03-08</lastmod>
145+
<lastmod>2024-03-09</lastmod>
146146
<changefreq>daily</changefreq>
147147
</url>
148148
<url>
149149
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Takeaway/</loc>
150-
<lastmod>2024-03-08</lastmod>
150+
<lastmod>2024-03-09</lastmod>
151151
<changefreq>daily</changefreq>
152152
</url>
153153
<url>
154154
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Understanding_Risk/</loc>
155-
<lastmod>2024-03-08</lastmod>
155+
<lastmod>2024-03-09</lastmod>
156156
<changefreq>daily</changefreq>
157157
</url>
158158
<url>
159159
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Vulnerability_Landscape/</loc>
160-
<lastmod>2024-03-08</lastmod>
160+
<lastmod>2024-03-09</lastmod>
161161
<changefreq>daily</changefreq>
162162
</url>
163163
<url>
164164
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/SSVC/</loc>
165-
<lastmod>2024-03-08</lastmod>
165+
<lastmod>2024-03-09</lastmod>
166166
<changefreq>daily</changefreq>
167167
</url>
168168
<url>
169169
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees/</loc>
170-
<lastmod>2024-03-08</lastmod>
170+
<lastmod>2024-03-09</lastmod>
171171
<changefreq>daily</changefreq>
172172
</url>
173173
<url>
174174
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees_from_scratch/</loc>
175-
<lastmod>2024-03-08</lastmod>
175+
<lastmod>2024-03-09</lastmod>
176176
<changefreq>daily</changefreq>
177177
</url>
178178
<url>
179179
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Edgescan/</loc>
180-
<lastmod>2024-03-08</lastmod>
180+
<lastmod>2024-03-09</lastmod>
181181
<changefreq>daily</changefreq>
182182
</url>
183183
<url>
184184
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Microsoft_Exploitability_Index/</loc>
185-
<lastmod>2024-03-08</lastmod>
185+
<lastmod>2024-03-09</lastmod>
186186
<changefreq>daily</changefreq>
187187
</url>
188188
<url>
189189
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Qualys/</loc>
190-
<lastmod>2024-03-08</lastmod>
190+
<lastmod>2024-03-09</lastmod>
191191
<changefreq>daily</changefreq>
192192
</url>
193193
<url>
194194
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/vendors/</loc>
195-
<lastmod>2024-03-08</lastmod>
195+
<lastmod>2024-03-09</lastmod>
196196
<changefreq>daily</changefreq>
197197
</url>
198198
</urlset>
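
Review bot: Every `<lastmod>` in this hunk moves from 2024-03-08 to 2024-03-09, although the content hunks in this commit touch only the Population Sizes list and figure. A blanket bump on each deploy, combined with `<changefreq>daily</changefreq>` on all entries, makes both fields uninformative to crawlers; consider deriving lastmod from each page's last source revision instead of the build date. Separately, the `<loc>` values all start with https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/, which looks like the repository address and not the address the pages are served from; check the `site_url` setting in the MkDocs configuration.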

sitemap.xml.gz

0 Bytes
Binary file not shown.
