SSVC (Stakeholder-Specific Vulnerability Categorization) is the latest framework for vulnerability management developed by the Software Engineering Institute at Carnegie Mellon University to address the challenges of traditional CVSS score-based vulnerability management. In 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) recommended risk-based vulnerability management, such as SSVC.
FutureVuls added support for SSVC in its September 2022 release.
The SSVC feature is only available in the CSIRT plan.
The SSVC engine integrated into FutureVuls automatically prioritizes detected vulnerabilities based on actual risk and can even provide instructions for response automation.
For more information on how to configure SSVC, please refer to the following pages:
Additionally, the following pages explain more about SSVC and its integration into FutureVuls: