Coverage
📌 Article pinned by VulDB Support Team
Due to a smart database structure we are able to provide detailed information about our coverage which is unique and incomparable in the market.
CVE Coverage
We provide 100% coverage of published CVEs. If a CVE gets published, we add it quickly to the database. If a CVE gets revoked afterwards, for example if it was a false-positive, the entry remains but will be flagged. If we determine that a new CVE is going to be revoked in the near future anyway, we will not add it to the database to reduce noise for our customers. If it is a duplicate of an existing CVE, we will add the new duplicate CVE to the existing entry as well. In such cases one vulnerability entry might have multiple CVEs associated.
Coverage without CVE
The CVE program defines in their CNA Rules what qualifies as a vulnerability and which of those are eligible for a CVE. We exist since before the introduction of the CVE program and use a slightly different coverage methodology. We tend to add vulnerabilities which are not yet covered by the CVE program or will never have a CVE associated to them. If an entry receives a CVE after we have already created an entry, we will add the newly associated CVE during the update process.
0day Processing
One of the primary and unique pillars of our service is speed. We want to incorporate new vulnerability data as quickly as possible. This is the reason why have introduced a dedicated Exploit Data Team, which is responsible to find, analyze, and process new exploit data. We add such entries with additional details about exploitability and attack confirmations immediately.
Обновлено: 18.10.2024 по VulDB Documentation Team