|
|
|
|
|
|
by dlor
56 days ago
|
|
|
Enriching does a few things, but the main ones are adding CVSS information and CPE information. CVSS (risk) is already well handled by other sources, but CPE (what software is affected) is kind of critical. I don't even know how they're going to focus enrichment on software the government uses without knowing what software the CVEs are in. |
|
|
https://csrc.nist.gov/pubs/ir/7695/final