Coverage

Due to a smart database structure we are able to provide detailed information about our coverage.

CVE Coverage

We provide 100% coverage of published CVEs. If a CVE gets published, we add it quickly to the database. If a CVE gets revoked afterwards, for example if it was a false-positive, the entry remains but will be flagged. If we determine that a new CVE is going to be revoked in the near future anyway, we will not add it to the database to reduce noise for our customers. If it is a duplicate of an existing CVE, we will add the new duplicate CVE to the existing entry as well. In such cases one vulnerability entry might have multiple CVEs associated.

Coverage without CVE

The CVE program defines in their CNA rules what qualifies as a vulnerability and which of those are eligible for a CVE. We exist since before the introduction of the CVE program and use a slightly different coverage methodology. We tend to add vulnerability entries which are not yet covered by the CVE program or will never have a CVE associated to them. If an entry receives a CVE after we have already created an entry, we will add the newly associated CVE during the update process.

Interested in the pricing of exploits?

See the underground prices here!

◂ PreviousOverviewNext ▸