This morning CISA announced that it had published their new Known Exploited Vulnerabilities nomination form. According to today’s announcement:
“The new form is a secure, web-based tool that will improve CISA’s ability to intake and analyze reported vulnerabilities and ensure we continue to help organizations effectively keep pace with threat activity. Vulnerabilities submitted for potential addition to the catalog must have a Common Vulnerabilities and Exposures (CVE) ID, evidence of exploitation, and clear mitigation guidance. Learn more about the criteria for KEV catalog submissions and CISA’s efforts to reduce KEV-related risk.”
According to the approved information collection request (ICR) supporting this reporting form, CISA expects as many as 2,725 annual submissions
This should allow CISA participate earlier in the exploit notification process. Instead of having to wait until they read about the exploits in the press, this will allow them to hear directly from owners, vendors, and researchers when exploits are identified.
No comments:
Post a Comment