Meet AttackerKB, Rapid7's Crowdsourced Vulnerability Knowledge Base
2020-04-15 14:51

Rapid7 has launched an open beta of AttackerKB, a community-sourced knowledge base of the latest vulnerabilities.

Announcing the beta version in January 2020, Rapid7's Metasploit R&D manager Caitlin Condon blogged, "When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it's worth developing an exploit for? Or is it actually...not useful or interesting?"

"Our R&D teams have commented in the past on the lack of a community-driven venue for discussing, analyzing, and prioritizing threats. Instead of continuing to lament that gap, we simply decided to fill it," explains Cindy Stanton, VP vulnerability and risk management at Rapid7.

The response was AttackerKB - effectively a marketplace for the community of researchers and hackers to discuss and evaluate threats, and provide a central source of knowledge to security teams for their own time-critical decisions.

Firstly, "If there is a split in the people in the group over whether a vulnerability is a problem or not, then you have to pick who to side with - so you still have to make the judgement calls on how to react, just with a bit better information. The other one is if they ever get anything seriously wrong - especially saying something isn't a problem which then becomes one. If that happens, it may lose credibility as people are more likely to weigh a mistake much more than all the good work."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/kQDpogZkNXY/meet-attackerkb-rapid7s-crowdsourced-vulnerability-knowledge-base