OpenSSL3 Critical vulnerability: How to fix CVE-2022-3602 and CVE-2022-3786 | Read here  >>

The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Product update: Group and deduplicate vulnerabilities with “Vulnerability Clusters” for efficient cyber risk management | Read here  >>

OpenSSL3 Critical vulnerability: How to fix CVE-2022-3602 and CVE-2022-3786 | Read here  >>

The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Product update: Group and deduplicate vulnerabilities with “Vulnerability Clusters” for efficient cyber risk management | Read here  >>

Mapping CVEs to the MITRE ATTACK framework

The cyber security industry is embracing and standardizing on the MITRE ATTACK framework, and concurrently we understand that vulnerability management by itself is not enough. We must combine risk-based vulnerability management with MITRE ATT&CK to expand our visibility and control of CVEs. This white paper explores how the Vulcan Cyber Voyager18 research team mapped relevant mitigation techniques to CVEs through machine learning and textual analysis.

Get it now

Here’s what you’ll learn

How others have tried to map ATT&CK techniques to CVEs in the past - and the challenges they faced.

What our team did differently to ensure greater success and accuracy in mapping the MITRE ATT&CK framework.

Why textual analysis was eventually employed to augment the results.

The importance of continual updating and community input.