Alternatives and similar repositories for SSVC:

Users that are interested in SSVC are comparing it to the libraries listed below

• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆73Updated 10 months ago
• t0sche / cvss-bt
  Enriching the NVD CVSS scores to include Temporal & Threat Metrics
  ☆187Updated this week
• cisagov / CSAF
  CISA CSAF Security Advisories
  ☆66Updated this week
• anchore / nvd-data-overrides
  ☆47Updated this week
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆76Updated 7 months ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆170Updated 4 months ago
• Deploying-Securely / DSRAM
  ☆16Updated last year
• adamshostack / DFD3
  ☆76Updated 5 months ago
• OWASP / www-project-vulnerability-management-guide
  OWASP Foundation Web Respository
  ☆30Updated 2 years ago
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆132Updated last year
• OWASP / www-project-cyber-defense-matrix
  Documentation on the Cyber Defense Matrix
  ☆24Updated last year
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆142Updated 11 months ago
• CycloneDX / transparency-exchange-api
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆74Updated 2 weeks ago
• OWASP / OpenCRE
  ☆100Updated this week
• center-for-threat-informed-defense / mappings-explorer
  Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue…
  ☆56Updated 3 weeks ago
• FIRSTdotorg / epss
  Exploit Prediction Scoring System (EPSS)
  ☆25Updated 2 years ago
• CloudSecurityAlliance / gsd-tools
  Global Security Database Tools
  ☆42Updated last year
• ksthk / one
  One Conference 2024
  ☆108Updated 6 months ago
• enisaeu / CNW
  Advisories, guidance, best practice documents and more issued by members of the EU CSIRTs network, a network composed of EU Member States…
  ☆60Updated last week
• CISecurity / CISControls_OSCAL
  A repository containing OSCAL serializations of the CIS Critical Security Controls
  ☆48Updated last week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆91Updated last month
• secmerc / materialize-threats
  ☆63Updated 2 years ago
• CERTCC / VINCE
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…
  ☆63Updated last week
• cisagov / kev-data
  Mirror of cisa.gov/kev data files
  ☆43Updated this week
• Toreon / threat-model-playbook
  ☆86Updated 3 years ago
• jgamblin / CVElk
  Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data
  ☆49Updated 8 months ago
• xvnpw / ai-threat-modeling-action
  AI featured threat modeling and security review action
  ☆43Updated 4 months ago
• carlota / showmethemoney
  These are files that a new CISO or someone introducing security to an organization can leverage to bridge the gap between security and th…
  ☆71Updated 5 months ago
• oracuk / oisru
  Repository for the Open Information Security Risk Universe
  ☆63Updated 2 years ago
• center-for-threat-informed-defense / cloud-analytics
  Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…
  ☆53Updated last year