Application Vulnerability Response references
-
- UpdatedAug 3, 2023
- 1 minute read
- Vancouver
- Application Vulnerability Response
The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.
The following terms are used in Application Vulnerability Response.
- Application Vulnerable items (AVIs)
- Pairings of vulnerability entries and potentially vulnerable applications in your company environment.
- Assignment Rules
- Rules used to assign AVIs based on your defined criteria.
- Common Platform Enumeration (CPE)
- A NIST NVD structured naming scheme for information technology systems, software, and packages.
- Common Vulnerabilities and Exposures (CVE)
- Dictionary of publicly known information-security vulnerabilities and exposures.
- Common Weakness Enumeration (CWE)
- List of community-developed software weakness types.
- Integrations
- Scheduled jobs that pull report data from CWE or a third-party system, such as Veracode, to retrieve vulnerability data. Note: If the NIST National Vulnerability Database integration in Vulnerability Response is activated and configured, CVE enrichment is available for CWEs but not required. For information on the NIST National Vulnerability Database integration, see Importing data with the NVD and CWE integrations and managing third-party libraries.
- National Vulnerability Database (NVD)
- U.S. Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
- Remediation Target Rules
- Rules used to assign AVIs target dates for remediation based on your defined criteria.
- Vulnerability Calculators
- Calculators used to prioritize and categorize application vulnerabilities based on your defined criteria.