08. Researching and Validating Findings

Overview

To prioritize findings, you need to understand their risk level, rule out false positives, fine-tune scan configurations, and more. Resources such as the MITRE CVE framework are available to help with this research.

ND545 C3 L3 A05 Researching And Validating Findings Part 1 V3

Validating Vulnerabilities

Vulnerabilities can be categorized in three areas based on their validity: false positive, false negative, and true positive.

  • False positive: An alert that incorrectly indicates that a vulnerability is present. For example, there is no fire present, but a fire alarm is going off.

  • False negative: An instance in which a security tool intended to detect a particular threat fails to do so. For example, there is a fire present, but the fire alarm does not sound.

  • True positive: An alert that correctly indicates a vulnerability is present. For example, there is a fire present and the fire alarm sounds.

Validating Vulnerabilities

Your computer is missing a critical security patch, yet your anti-virus software says that your computer is up to date and secure. What type of vulnerability is this?

SOLUTION: False negative

Researching Vulnerabilities

There are many details that can be associated with a vulnerability, such as its severity, the techniques required to exploit the issue, the fixes available, and more. Finding this information sometimes requires additional research. To make this process easier and to ensure that findings are labeled in a universal and consistent way, the MITRE CVE framework was created. MITRE CVE is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services) using these definitions. A CVE entry consists of an identification number, a description, and at least one public reference.

To learn more, visit the CVE getting started page for beginner tips: https://cve.mitre.org/about/getting_started.html

CVSS Scoring

Which of the following is a contributing factor in calculating the exploitability of a vulnerability using the CVSS framework?

SOLUTION: Attack Complexity
