i’m writing my Bachelor Thesis about ‘Vulnerability Analysis of Individual Hosts by Matching Installed Software with the NVD Database’.
The main focus is to implement matching algorithms which compares installed software of hosts with the NVD.
In the section ‘Related Work’ i will mention OpenVAS in the context of Vulnerability analysis and matching algorithms.
Where can i get information about the used matching algorithms within OpenVAS?
Which CPE version is used for the CPE matching? (v2.2 or v2.3)
Which database is used? (The usual CVE Feed or the maintained NVD)
I always wondered about the many different approaches for this task that are applied out there.
One important lesson we learned at Greenbone is that if you strictly stick to a single concept, you loose the ability to handle real live challenges. For example, only using the CPE of the official CPE database would limit you a lot. They can not follow en par with the needs of new vulnerability findings - I certainly to do not blame them for this extreme challenge.
Our scanner uses CPE entries where possible, else relies on the CPE defined in the CVE and sometimes we apply our own sensible definitions. It is a moving target also, so you need to be prepared to update the detections.
…“only using the CPE of the official CPE database would limit you a lot.”
–> Due to the fact that my databases (CPE, NVD, HostProducts) are structured json files and stored as json in mongoDB, the application will also search the NVD without CPE identifier (CPE Name).
