Quality

In professional vulnerability management there is no place for wrong or inaccurate data. This is why quality and quality assurance are very important to us.

Our vulnerability moderators are highly trained and follow specific internal guidelines on how to handle new entries or updates for existing entries.

During our work it is not unusual that we find wrong or inaccurate data in other sources. For example:

Contradicting Version Information

  • CVE-2019-20025 • NVD summary claims: "This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0." → ignored contradicting version in our entry

Contradicting Summary and CVSS Vectors

  • CVE-2020-10928 • NVD summary mentions "network-adjacent" but CVSSv3 AV:L → fixed CVSSv3 AV:A in our entry

Contradicting CVSSv3 and CVSSv2 Vectors

  • CVE-2020-6510 • NVD CVSSv2 AV:N but CVSSv3 AV:L → fixed CVSSv3 AV:N in our entry

Misrepresentation of User Interaction

  • CVE-2020-10864 • NVD CVSSv3 UI:R but CVSSv2 is ignoring this added complexity → fixed CVSSv2 AC:M in our entry

Misrepresentation of Impact Vectors

  • CVE-2020-9309 • Vulnerability class is XSS but NVD CVSSv3 declares C:H/I:H/A:H → fixed CVSSv3 C:N/I:P/A:N in our entry

Wrong Summaries

  • CVE-2020-9689 • Vulnerability summary mentions version 2.3.5-p1 twice → fixed version listing in our entry
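Several of the contradiction classes listed above can be checked mechanically before an entry is accepted. The following is an added example, not our moderators' tooling: the function names, finding labels and rule set are assumptions derived from the categories on this page, and the sample records are constructed rather than taken from NVD.

```python
import re

def parse_vector(vector):
    """Turn 'CVSS:3.1/AV:N/AC:L' or 'AV:N/AC:L' into {'AV': 'N', 'AC': 'L'}."""
    return dict(p.split(":", 1) for p in vector.split("/") if ":" in p)

def find_contradictions(summary, v2_vector, v3_vector):
    """Return labels (hypothetical names) for inconsistencies in one entry."""
    v2, v3 = parse_vector(v2_vector), parse_vector(v3_vector)
    text = summary.lower()
    findings = []

    # Summary says the attacker is network-adjacent, CVSSv3 AV says otherwise.
    if "network-adjacent" in text and v3.get("AV") != "A":
        findings.append("summary-vs-cvss3-av")

    # CVSSv2 and CVSSv3 attack vectors disagree. CVSSv3 'P' (physical)
    # has no CVSSv2 counterpart and is scored there as 'L'.
    v3_av = "L" if v3.get("AV") == "P" else v3.get("AV")
    if v2.get("AV") and v3_av and v2["AV"] != v3_av:
        findings.append("cvss2-vs-cvss3-av")

    # CVSSv3 requires user interaction, CVSSv2 still claims low complexity.
    if v3.get("UI") == "R" and v2.get("AC") == "L":
        findings.append("user-interaction-not-in-cvss2")

    # XSS scored as high impact on confidentiality, integrity and availability.
    is_xss = re.search(r"\bxss\b|cross-site scripting", text) is not None
    if is_xss and all(v3.get(m) == "H" for m in ("C", "I", "A")):
        findings.append("xss-impact-overstated")

    return findings

# Constructed sample entries: (id, summary, CVSSv2 vector, CVSSv3 vector).
SAMPLES = [
    ("EXAMPLE-1", "A network-adjacent attacker can execute code on the router.",
     "AV:A/AC:L/Au:N/C:C/I:C/A:C", "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("EXAMPLE-2", "Stored XSS in the comment field.",
     "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"),
    ("EXAMPLE-3", "A remote attacker can crash the service.",
     "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"),
]

if __name__ == "__main__":
    for entry_id, summary, v2, v3 in SAMPLES:
        print(entry_id, find_contradictions(summary, v2, v3) or "consistent")
```

A finding only marks an entry for manual review; which of the conflicting values is correct still has to be decided from the advisory itself.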
