Find vulnerabilities

Vulnerability finding is the process of identifying and documenting security weaknesses in computer systems that could be exploited by attackers. This process is crucial to ensure the security and integrity of the systems. Before contributing, it is important to identify existing vulnerabilities. This can be accomplished using reliable vulnerability databases and benchmarks. Here is a brief explanation of three important and reliable sources:

CVE (Common Vulnerabilities and Exposures)

A public cataloging system that identifies and lists known security vulnerabilities in software and hardware products. The CVE system is maintained and developed by MITRE together with the cybersecurity community.

  • CVE Details

NIST (National Institute of Standards and Technology)

A United States government agency that provides standards and guidelines to improve information security. It also provides detailed resources for assessing and managing security risks.

  • NIST National Vulnerability Database (NVD)

CIS (Center for Internet Security) Benchmarks

CIS Benchmarks are a set of recommended practices developed by security experts to improve the security of computer systems. This system provides best practices in system configurations to reduce the risk of vulnerabilities. CIS Benchmarks are used to ensure that systems are configured following security best practices.

  • CIS Benchmarks

Importance of using these sources:

  • Precision and reliability: Databases such as CVE, NIST and the CIS Benchmarks are reliable and globally recognized sources.
  • Constant update: These sources are constantly updated with the latest vulnerabilities and security practices.
  • Standardized reference: They offer standards that allow organizations and security professionals to work with a common language and consistent measures.