More contextualized CISA KEV catalog pushed

With none of the 10 common vulnerabilities in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog threatening any cloud containerized environments, application security provider OX has called on CISA to provide more context to its vulnerability list, according to Infosecurity Magazine.

All KEV entries should include not only platform-specific relevance indicators and CVE origin details but also attack chain and attack path context, said the OX team. Meanwhile, security teams have been urged to consider vulnerabilities as critical only after comparing the original context the CVE was reported to their environment, identifying exploit examples, and evaluating the relationship of the security issue with sensitive information. "Treating all KEV vulnerabilities with equal urgency, as is sometimes demanded by compliance regulations, and regardless of environmental context, creates unnecessary workload for already overwhelmed security teams and diverts resources from genuinely critical issues," said researchers.