SSVC (Stakeholder-Specific Vulnerability Categorization) is the latest framework for vulnerability management developed by the Software Engineering Institute at Carnegie Mellon University to address the challenges of traditional CVSS score-based vulnerability management. In 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) recommended risk-based vulnerability management, such as SSVC.

FutureVuls added support for SSVC in its September 2022 release.

The SSVC engine integrated into FutureVuls automatically prioritizes detected vulnerabilities based on actual risk and can even provide instructions for response automation.

For more information on how to configure SSVC, please refer to the following pages:

  • SSVC explanation: Describes the specification and derivation of SSVC for using SSVC in FutureVuls.
  • SSVC configuration: Summarizes the configuration process for using SSVC on FutureVuls.

Additionally, the following pages explain more about SSVC and its integration into FutureVuls: