cvechecker in development mode
by Sven Vermeulen, post on Mon 12 July 2010A while ago I had the idea to create a simple tool that checks the CVE database against my current system. It would allow me to check if my system is somewhat up to date (no pending security vulnerabilities), but also to get an automated overview of the various software …
OVAL, SCAP, CVE, CPE, ...
by Sven Vermeulen, post on Sat 05 June 2010For a personal POC I wanted to see if it is possible to generate, based on the collection of CVE entries publicly available, a report informing a system administrator about possible vulnerabilities. Nothing fancy, just based upon versions.
A simple example: tool detects Perl, acquires installed Perl version, then matches …