Meet AttackerKB, Rapid7's Crowdsourced Vulnerability Knowledge Base

Metasploit Team Unveils Community Powered Knowledge Base of Vulnerabilities and Insights


Rapid7 has launched an open beta of AttackerKB, a community-sourced knowledge base of the latest vulnerabilities. Its purpose is to provide a central repository of information on vulnerabilities to help defenders understand and triage threats.


Announcing the beta version in January 2020, Rapid7's Metasploit R&D manager Caitlin Condon blogged, "When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it's worth developing an exploit for? Or is it actually...not useful or interesting?"


The problem for corporate security teams is that this vital discussion is dispersed and fragmented across Twitter, individual blogs, news outlets and other media. Security teams cannot easily access the combined understanding of the world's security researchers and hackers, and consequently spend more time and effort than should be necessary trying to interpret the potential impact on their own environment.


This problem was not lost on Rapid7's Metasploit team. "Our R&D teams have commented in the past on the lack of a community-driven venue for discussing, analyzing, and prioritizing threats. Instead of continuing to lament that gap, we simply decided to fill it," explains Cindy Stanton, VP vulnerability and risk management at Rapid7.


The response was AttackerKB -- effectively a marketplace for the community of researchers and hackers to discuss and evaluate threats, and provide a central source of knowledge to security teams for their own time-critical decisions. "Our aim with the community," continued Stanton, "is ..
