CVE Trending by Year

by Josef Weiss
February 11, 2014

This dashboard trends outstanding CVE issues in a variety of tables and trend lines.

  • Updated February 10th 2014, version 3, SecurityCenter 4.7
  • Required Tools - Nessus or PVS

This dashboard leverages SecurityCenter's ability to filter vulnerabilities based on the year of the associated CVE ID.

There are four components of this dashboard.

Outstanding CVE matrix - This component shows the total CVE ID count for each severity level for the years displayed. A further column shows whether any exploitable vulnerabilities exist for any CVE ID for the years displayed.

Outstanding CVE Breakdown - This component displays a breakdown of present CVE vulnerabilities by severity for the CVE ID years 2010 to 2014.

CVE Trending by Severity - This component shows a 90-day analysis of vulnerabilities discovered by severity. Each trend line is assigned to a severity, and tracks the total CVE IDs for the last 5 years.

Top 10 CVE ID's by Year - The top ten CVE IDs in 2014. The summary table is sorted by CVE ID and displays the CVE, total matches, and severity.
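The year-based filtering behind the matrix and top-ten components can be reproduced over exported findings, as in this added example (not Tenable's code and not the SecurityCenter API). The tuple layout, the function names, counting each CVE ID once per severity regardless of host count, and ranking the top list by matches before sorting by CVE ID are all assumptions.

```python
import re
from collections import Counter, defaultdict

CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$", re.IGNORECASE)
SEVERITIES = ("Low", "Medium", "High", "Critical")

# Constructed sample (placeholder CVE IDs): (host, CVE ID, severity, exploit available)
FINDINGS = [
    ("10.0.0.5", "CVE-2014-900001", "Critical", True),
    ("10.0.0.6", "CVE-2014-900001", "Critical", True),
    ("10.0.0.5", "CVE-2014-900002", "Medium", False),
    ("10.0.0.7", "CVE-2013-900010", "High", False),
    ("10.0.0.7", "cve-2013-900011", "High", False),
    ("10.0.0.8", "CVE-2009-900020", "Low", True),    # outside the year window
    ("10.0.0.8", "CVE-14-1", "High", True),           # malformed, skipped
]


def cve_year(cve_id):
    """Return the year embedded in a CVE ID, or None if it is malformed."""
    m = CVE_RE.match(cve_id.strip())
    return int(m.group(1)) if m else None


def outstanding_matrix(findings, years):
    """Distinct CVE IDs per year and severity, plus an exploitable flag per year."""
    ids = defaultdict(set)
    exploitable = dict.fromkeys(years, False)
    for _host, cve, severity, has_exploit in findings:
        year = cve_year(cve)
        if year not in exploitable or severity not in SEVERITIES:
            continue
        ids[(year, severity)].add(cve.strip().upper())
        exploitable[year] |= has_exploit
    return {y: {**{s: len(ids[(y, s)]) for s in SEVERITIES},
                "Exploitable": exploitable[y]} for y in years}


def top_cves(findings, year, n=10):
    """The n most-matched CVE IDs for one year, listed in CVE ID order."""
    matches = Counter()
    severity_of = {}
    for _host, cve, severity, _exploit in findings:
        if cve_year(cve) == year:
            key = cve.strip().upper()
            matches[key] += 1
            severity_of.setdefault(key, severity)
    top = [cve for cve, _count in matches.most_common(n)]
    return sorted((cve, matches[cve], severity_of[cve]) for cve in top)
```

Calling `outstanding_matrix(FINDINGS, range(2010, 2015))` returns one row per year from 2010 to 2014, and `top_cves(FINDINGS, 2014)` returns the CVE, total matches, and severity for each 2014 entry.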

Further customization of this dashboard could include IP address listings or tables with assets and their counts of outstanding CVE issues. Also, filtering vulnerabilities by exploitability, date discovered, plugin family, or whether they were actively or passively detected offers many other forms of potentially valuable reports.

Compliance Regulations

  • Payment Card Industry Data Security Standard (PCI DSS) - 6.1
  • SANS Consensus Audit Guidelines - 10 Continuous Vulnerability Assessment and Remediation
  • FISMA - RA-3 (a, b, c, d), RA-5 (a, b, 1, 2, 5, 6)

The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.7.1
  • Nessus 5.2.4
  • PVS 4.0.0