<td>Phoenix Security adopts a refined approach to contextual vulnerability management, integrating a sophisticated risk formula that quantifies vulnerabilities on a scale from 0 to 1000. This method encompasses three principal components: base severity, the weighted likelihood of exploitation, and the weighted business impact at the vulnerability level. <br><strong>Base Severity</strong>: Establishes the inherent risk posed by a vulnerability, serving as the foundational risk assessment metric. <br><strong>Weighted Likelihood of Exploitation</strong>: This factor evaluates the probability of a vulnerability being exploited, incorporating contextual elements such as externability, cyber threat intelligence (with the Exploit Prediction Scoring System <abbr title="Exploit Prediction Scoring System">EPSS</abbr> among the key indicators), <abbr title="Cybersecurity & Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities (<abbr title="Known Exploited Vulnerability">KEV</abbr>), exploit availability, and exploit maturity levels (Proof of Concept, Exploitable, Weaponizable). <br><strong>Weighted Business Impact</strong>: Assesses the potential impact of a vulnerability on business operations, factoring in both a user-assigned impact score (1-10 scale) and financial implications. This dimension does not directly influence the overall risk score through financial impact but provides a comprehensive view of the potential operational disruption. Vulnerabilities are systematically categorized across assets, applications, and environments, enhancing the precision of risk assessment. The likelihood of exploitation is detailed by combining external vulnerability data, threat intelligence, and the presence and maturity of exploits. 
Business impact evaluation includes user input and financial impact assessments, albeit without affecting the overall risk score.\<abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> aggregation considers asset criticality, whether an asset is internal or external, the volume of vulnerabilities, and groups them in ranges for effective prioritization and management. <br><br>This structured approach enables Phoenix Security to deliver a nuanced, actionable framework for addressing vulnerabilities in a targeted manner.Details on the risk formula are available here: <a href="https://phoenix.security/phoenix-security-act-on-risk-calculation/">https://phoenix.security/phoenix-security-act-on-risk-calculation/</a> For FAQ: <a href="https://phoenix.security/faqs/">https://phoenix.security/faqs/</a> .</td>
4939
4939
<td>✅</td>
4940
4940
</tr>
4941
+
<tr>
4942
+
<td><strong>Amazon</strong></td>
4943
+
<td>Amazon Inspector offers continuous vulnerability scanning for AWS EC2, ECR, and Lambda resources. Inspector provides findings with <abbr title="Exploit Prediction Scoring System">EPSS</abbr> scores, Common Vulnerability Scoring System (<abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr>) scores, and Common Weakness Enumeration identifiers (<abbr title="CWE Common Weakness Enumeration">CWE</abbr>). Findings are created using intelligence from the <abbr title="Cybersecurity & Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities (<abbr title="Known Exploited Vulnerability">KEV</abbr>) Catalog and 50+ sources. <a href="https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html">https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html</a> <br> Amazon Inspector also offers stateless scanning in CI/CD workflows. Here, findings are returned as CycloneDX SBOMs containing <abbr title="Exploit Prediction Scoring System">EPSS</abbr> scores, <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> scores, and CWEs. This functionality can be used with a supported CI/CD plugin <a href="https://docs.aws.amazon.com/inspector/latest/user/scanning-cicd.html#plugin-integration">https://docs.aws.amazon.com/inspector/latest/user/scanning-cicd.html#plugin-integration</a> or with the AWS CLI <a href="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/inspector-scan/scan-sbom.html">https://awscli.amazonaws.com/v2/documentation/api/latest/reference/inspector-scan/scan-sbom.html</a></td>
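Review bot: the `<abbr>` markup in the added Amazon description cell is redundant in two places and missing in a third. "Common Vulnerability Scoring System" is already spelled out in the text immediately before `<abbr title="Common Vulnerability Scoring System Standard. ...">CVSS</abbr>`, and the CWE title "CWE Common Weakness Enumeration" repeats the abbreviation inside its own expansion, while the later plain "CWEs" in the CI/CD sentence has no `<abbr>` at all. Suggest shortening the CWE title to "Common Weakness Enumeration", dropping either the spelled-out name or the long title for CVSS, and wrapping "CWEs" the same way as the first occurrence so the cell is consistent.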
vendors/vendors/index.html
5 additions & 0 deletions
@@ -1479,6 +1479,11 @@ <h1>Vendors</h1>
1479
1479
<td>Phoenix Security adopts a refined approach to contextual vulnerability management, integrating a sophisticated risk formula that quantifies vulnerabilities on a scale from 0 to 1000. This method encompasses three principal components: base severity, the weighted likelihood of exploitation, and the weighted business impact at the vulnerability level. <br><strong>Base Severity</strong>: Establishes the inherent risk posed by a vulnerability, serving as the foundational risk assessment metric. <br><strong>Weighted Likelihood of Exploitation</strong>: This factor evaluates the probability of a vulnerability being exploited, incorporating contextual elements such as externability, cyber threat intelligence (with the Exploit Prediction Scoring System <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> among the key indicators), <abbrtitle="Cybersecurity & Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities (<abbrtitle="Known Exploited Vulnerability">KEV</abbr>), exploit availability, and exploit maturity levels (Proof of Concept, Exploitable, Weaponizable). <br><strong>Weighted Business Impact</strong>: Assesses the potential impact of a vulnerability on business operations, factoring in both a user-assigned impact score (1-10 scale) and financial implications. This dimension does not directly influence the overall risk score through financial impact but provides a comprehensive view of the potential operational disruption. Vulnerabilities are systematically categorized across assets, applications, and environments, enhancing the precision of risk assessment. The likelihood of exploitation is detailed by combining external vulnerability data, threat intelligence, and the presence and maturity of exploits. 
Business impact evaluation includes user input and financial impact assessments, albeit without affecting the overall risk score.\<abbrtitle="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> aggregation considers asset criticality, whether an asset is internal or external, the volume of vulnerabilities, and groups them in ranges for effective prioritization and management. <br><br>This structured approach enables Phoenix Security to deliver a nuanced, actionable framework for addressing vulnerabilities in a targeted manner.Details on the risk formula are available here: <ahref="https://phoenix.security/phoenix-security-act-on-risk-calculation/">https://phoenix.security/phoenix-security-act-on-risk-calculation/</a> For FAQ: <ahref="https://phoenix.security/faqs/">https://phoenix.security/faqs/</a> .</td>
1480
1480
<td>✅</td>
1481
1481
</tr>
1482
+
<tr>
1483
+
<td><strong>Amazon</strong></td>
1484
+
<td>Amazon Inspector offers continuous vulnerability scanning for AWS EC2, ECR, and Lambda resources. Inspector provides findings with <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> scores, Common Vulnerability Scoring System (<abbrtitle="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr>) scores, and Common Weakness Enumeration identifiers (<abbrtitle="CWE Common Weakness Enumeration">CWE</abbr>). Findings are created using intelligence from the <abbrtitle="Cybersecurity & Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities (<abbrtitle="Known Exploited Vulnerability">KEV</abbr>) Catalog and 50+ sources. <ahref="https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html">https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html</a><br> Amazon Inspector also offers stateless scanning in CI/CD workflows. Here, findings are returned as CycloneDX SBOMs containing <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> scores, <abbrtitle="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> scores, and CWEs. This functionality can be used with a supported CI/CD plugin <ahref="https://docs.aws.amazon.com/inspector/latest/user/scanning-cicd.html#plugin-integration">https://docs.aws.amazon.com/inspector/latest/user/scanning-cicd.html#plugin-integration</a> or with the AWS CLI <ahref="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/inspector-scan/scan-sbom.html">https://awscli.amazonaws.com/v2/documentation/api/latest/reference/inspector-scan/scan-sbom.html</a></td>
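Review bot: the added Amazon row is not visibly closed. The header `@@ -1479,6 +1479,11 @@` counts five added lines, but only `<tr>`, the name cell and the description cell are shown here. Please confirm the remaining two lines are the status cell and the closing tag, matching the Phoenix Security row directly above (`<td>✅</td>` followed by `</tr>`); a row with two cells or a missing `</tr>` would shift the columns for every vendor listed after it. This is also the same row text as in the first file of the commit, so any wording change requested there needs to be made in both places.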