Consider Expanding CISA KEV Data

Description:

In our current KEV Support design, we plan to use a boolean (is_known_exploit) to flag vulnerabilities listed in the KEV catalog. However, CISA provides more data for each entry:

  • requiredAction
  • dueDate
  • knownRansomwareCampaignUse
  • dateAdded

There are more fields in the JSON schema, but I think that those I mentioned are the relevant ones here (please feel free to correct me here, @johncrowley).

  • We should evaluate whether it is necessary to include any of this additional information in our Rails app.

  • Regarding implementation - currently, we plan to export the KEV boolean as part of the advisory data. If we decide to add the information above, we might consider updating this flow and exporting KEV data separately.

Edited by Orin Naaman
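
The following Ruby example is added here and is not the project's code: it parses a KEV catalog document, keeps the four fields listed in the issue, and produces an export that carries the is_known_exploit boolean alongside the KEV detail. The sample entries, the CVE IDs, and the names KevEntry, build_kev_index and kev_export_for are constructed for illustration; "vulnerabilities" and "cveID" are the key names used in CISA's JSON feed.

```ruby
require "json"
require "date"

# Constructed sample in the shape of the CISA KEV JSON feed (not real entries).
SAMPLE_KEV_JSON = <<~JSON
  {"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "dateAdded": "2024-01-10", "dueDate": "2024-01-31",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-00002", "dateAdded": "2024-02-01", "dueDate": "not-a-date",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"}
  ]}
JSON

# Hypothetical record type holding only the fields named in the issue.
KevEntry = Struct.new(:cve_id, :date_added, :due_date, :required_action,
                      :ransomware_use, keyword_init: true)

# Parse one date field; a missing or malformed value becomes nil instead of raising.
def parse_kev_date(value)
  Date.iso8601(value.to_s)
rescue ArgumentError
  nil
end

# Build a CVE-keyed index so advisory lookups do not rescan the catalog.
def build_kev_index(json_text)
  JSON.parse(json_text).fetch("vulnerabilities").each_with_object({}) do |raw, index|
    cve = raw["cveID"].to_s.strip.upcase
    next if cve.empty? # skip entries without an identifier
    index[cve] = KevEntry.new(
      cve_id: cve,
      date_added: parse_kev_date(raw["dateAdded"]),
      due_date: parse_kev_date(raw["dueDate"]),
      required_action: raw["requiredAction"],
      ransomware_use: raw["knownRansomwareCampaignUse"] == "Known"
    )
  end
end

# Hypothetical export shape: the existing boolean plus the optional KEV detail.
def kev_export_for(cve_id, index)
  entry = index[cve_id.to_s.upcase]
  { is_known_exploit: !entry.nil?, kev: entry&.to_h }
end
```

Keeping the boolean derived from the presence of an entry means the two exports cannot disagree, whether the KEV detail ships with the advisory data or separately.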