1 About

Introduction

vFeed API / Database is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references.

vFeed API generates a JSON-based format outputs to describe in detail vulnerabilities. It can be leveraged as input by security researchers, practitioners and tools as part of their vulnerability description. The standard syntax is easy to interpret by humans and systems.

The mandatory associated vFeed DB (The Correlated Vulnerability and Threat Intelligence Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into an unified database. The vFeed DB must be obtained directly from vFeed, Inc.

Benefits and examples of use

vFeed utilizes JSON-based format outputs to describe in detail vulnerabilities. They can be leveraged as input by security researchers, practitioners and tools as part of their vulnerability description. In fact, the standard syntax is easy to interpret by humans and systems.

Similarly, any vendor/standard/tool that crosslinks its reference with CVEs could be integrated within the vFeed Framework and expands the vulnerability description.

• Easily integrated within security labs and other pentesting frameworks (Kali, BackTrack, Samurai...)
• Easily invoked as API calls from your software, scripts or from commandline. A proof of concept python api_calls.py is provided for this purpose.
• Simplify the extraction of related CVE attributes
• Help researchers to conduct survey on vulnerabilities (tracking vulnerabilities trends about a specific CPE)
• Help penetration testers to analyze CVEs and gather extra metadata to help shape avenues to exploit vulnerabilities.
• Assist security auditors to report accurate information about findings during assignments. vFeed could be a good approach to describe a vulnerability with attributes based on standards and third-party references(eg:vendors or companies involved into the standarization effort)

Key Features

• Registered as CVE, CWE and OVAL Compatible by the Mitre Corporation;
• aligned with the main Open Standards CVE, CPE, CWE, CAPEC, OVAL, CVSS etc;
• Downloadable SQLite Community Correlated Vulnerability and Threat Database;
• Support correlation with 3rd party security references IAVA, OSVDB, WASC etc;
• Support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft..);
• Simple and ready-to-use API Python.

vFeed supported Security standards & third-party references

The following documentation is not a guide to learn security standards. As a result, a minimal knowledge about standards is required.

• Open Security Standards:
  • CVE Common Vulnerabilities and Exposures
  • CWE Common Weakness Enumeration
  • CPE Common Platform Enumeration
  • OVAL Open Vulnerability and Assessment Language
  • CAPEC Common Attack Pattern Enumeration and Classification
  • CVSS Common Vulnerability Scoring System
  • WASC Web Application Security Consortium Threat Classification
• Vulnerability Assessment & Exploitation:
  • Nessus Scanning Scripts;
  • Metasploit Exploits and Plugins ;
  • Exploit Database IDs;
  • Saint Corporation Exploits IDs;
  • OpenVAS Scanning Scripts;
  • Nmap NSE Scripts.
• Vendors Security Alerts:
  • Microsoft Bulletins
  • Suse
  • IBM AIX APARs
  • BID - SecurityFocus
  • Mandriva
  • Redhat (available with support of Redhat OVAL ids)
  • Cisco
  • Sun
  • Gentoo
  • HP
  • VMware
  • Ubuntu
  • Debian
  • Fedora
  • etc ...

vFeed JSON-based exportable output

vFeed API since version 0.6.0 has the ability to export data into JSON output format. It makes the information more easier to be integrated and leveraged by other tools.

Here is a vFeed JSON sample output of [CVE-2014-0160] (http://www.toolswatch.org/vfeed/CVE_2014_0160.json)

vFeed Open Vulnerability and Assessment Language (OVAL) Adoption Statement

Open Vulnerability and Assessment Language (OVAL®) is an international, information security, community effort to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language.

vFeed is declared to Mitre Organization to comply with the OVAL adoption program ( https://oval.mitre.org/adoption/ ) as part of its correlation and aggregation capability. As a result, vFeed consumes the OVAL XML definitions, extract and map variables to expand the CVEs metadata.

Here is the adoption declaration

vFeed Common Vulnerabilities and Exposures (CVE) Compatibility Statement

The vFeed.db Aggregated Vulnerability Database Community relies solely on CVE Identifiers to allow researchers and users to cross link vulnerabilities with different vulnerability databases and third party references. Each vulnerability in the database will contain a CVE Identifier alongside other attributes collected and aggregated to offer more accurancy and extensibility. The CVE number will be displayed within the vFeed XML proprietary format or by leveraging the multiple methods and functions built-in with the vFeed API wrapper.

vFeed is declared to Mitre Organization to comply with the following requirements:

• CVE SEARCHABLE - vFeed implements methods to search for CVEs and CPEs. Refer to our Wiki documentation and blog posts.
• CVE OUTPUT - vFeed implements methods to export information to XML readable and easily integrable format.
• MAPPING - vFeed provides a mapping relative to a specific version of CVE. It even went beyond by mapping extra information such as 3rd party patches, exploitability, defense and scanning scripts from different internet sources.
• DOCUMENTATION - vFeed documentation includes a description of CVE, CVE compatibility, and the details of how its customers can use the CVE-related functionality of its product or service.

The Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. For further information see: https://cve.mitre.org/about

The Common Vulnerabilities and Exposures (CVE®) Compatibility Program (https://cve.mitre.org/compatible/) provides for a tool, service, Web site, database, or advisory / alert that uses CVE identifiers in a way that allows it to cross-link with other repositories that use CVE identifiers to be reviewed and registered as "CVE-Compatible."

vFeed Common Weakness Enumeration (CWE) Compatibility Statement

CWE (Common Weakness Enumeration) is a community-developed formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts. Leveraging the diverse thinking on this topic from academia, the commercial sector, and government, CWE unites the most valuable breadth and depth of content and structure to serve as a unified standard. The objective of CWE effort is to help shape and mature the code security assessment industry and also dramatically accelerate the use and utility of software assurance capabilities for organizations in reviewing the software systems they acquire or develop.

vFeed Framework is declared to Mitre Organization to comply with the following requirements:

• CWE Searchable - users may search security elements using CWE identifiers.
• CWE Output - security elements presented to users includes, or allows users to obtain, associated CWE identifiers
• Mapping Accuracy - security elements accurately link to the appropriate CWE identifiers
• CWE Documentation - capability's documentation describes CWE, CWE compatibility, and how CWE-related functionality in the capability is used
• CWE Coverage - for CWE-Effectiveness, capability's documentation explicitly lists the CWE identifiers that the capability is effective at locating in software
• CWE Test Results - for CWE-Effectiveness, test results from the capability showing the results of assessing software for the CWEs are posted on the CWE Web site

See the CWE Web site (https://cwe.mitre.org/compatible/) for detailed information on how a Web site, tool, database, or other security product/service becomes compatible, and for a complete list of CWE-compatible products and services.

The vFeed CWE online compatibility declaration

vFeed License

The vFeed API utility and the associated vFeed DB the Correlated Vulnerability and Threat Database (henceforth referred to simply as "vFeed Framework") is dual-licensed. Cases that include commercialization of vFeed Framework require a commercial, non-free license.

It is important to read and acknowledge the vFeed Framework License terms before using it.

For the commercial licensed version, please check the plans & pricing