The cybersecurity sector has received a new tool to aid in tracking the latest vulnerability exploits, thanks to the launch of VulnCheck XDB. The database of exploits and proof of concepts, hosted on Git repositories, is designed to help vulnerability researchers and security teams prioritise vulnerabilities based on the availability and criticality of new exploits. As an open, license-less service, available at launch, VulnCheck XDB is aimed at helping researchers, offensive teams and detection engineers solve the vulnerability prioritisation challenge and boost security.
According to Anthony Bettini, CEO and founder of VulnCheck, legacy databases had the disadvantage of being designed on the “single file” model, thus making them slow and unable to support multiple files. Bettini said that exploits these days are often projects with a variety of functionalities, spanning multiple files like configuration files and command line interface files. However, the new system from VulnCheck offers an autonomous software system, enabling real-time tracking of exploit and proof of concept code.
Exploits written in other countries or hosted on foreign sites, such as Gitee, have also been covered by VulnCheck. Bettini noted that, at this time, no other exploit database had made an attempt to track such exploits in countries like China.
VulnCheck’s XDB will feature CVE indexing and be hosted as an autotracking, complementary tool on VulnCheck’s website. Users will have the option to search by common vulnerabilities and exploits (CVE) IDs for discovering vulnerabilities with written exploits. This will be of interest to companies with CVE alerts that want to assess their real risk, according to Edouard Viot, Vice President of Product at GitGuardian, a provider of code security software.
Viot further noted that application makers write only 10% of their code, and 90% of their attack surfaces are the framework they use. These frameworks use sub-libraries with, on average, three vulnerabilities per year. Thus, an application maker has a lot of CVE to manage on their application because of the dependencies. Having access to the exploitation code could help to perform an “impact analysis,” he said.
According to Bettini, there is a considerable gap in the exploit databases available today for modern security teams. “That’s why we’re excited to launch XDB. This complementary tool will be instrumental in helping researchers, offensive teams and detection engineers solve the vulnerability prioritisation challenge and bolster security,” he said.
The launch of VulnCheck XDB is encouraging and advances the fight against cyber threats. With an autonomous software system that tracks exploit and proof of concept code in real-time, this new tool will allow cybersecurity professionals to keep pace with developments in the field. With the increasing need for efficient and timely response to cyber threats, the VulnCheck XDB should encourage the development of other platforms that are equally efficient.