CVE Enrichment - life without NVD? The recent (Feb 2024) issue with the NVD not enriching CVEs with metadata worries the community.
But is there no alternative way to get a CVSS score, CWE ID, and the CPEs? It turns out there is: start with the vendor advisories. But it is not always easy yet.
Differences between IT and OT: often mentioned in cybersecurity, but what are these differences actually? In this document we describe the differences with respect to
equipment, network wiring and usage, software, work procedures, and more.
Cyber Resilience Act Vulnerability Handling: what vendors must do under this new EU act, which will be mandatory for vendors bringing 'products with digital elements' onto the EU market. Based on the draft EU text of December 2023 (updated 16 January 2024).
NIS2: Does my company fall under NIS2? How the appendices should be read to determine whether or not a type of company is listed as 'essential' or 'important'.
Patching 101: An introduction to what patching is, CVE, CVSS, ICS-CERT, VDE-CERT, for beginners in this area.
Patching Optimization: 80% less work thanks to the Exploit Prediction Scoring System.
IEC 62443-3-2 System Design: a summary of the new version of this standard, which describes the procedure for protecting an industrial control system against malware.
Protecting USB: an overview of the measures that exist to protect USB ports against malware or unwanted equipment.
Frame Preemption: an overview of how this new technique in TSN works.
Tapping Industrial Ethernet: an overview of the available techniques for tapping network messages on Ethernet.
An introduction to industrial Ethernet (Dutch only). It describes the general principles of Ethernet, followed by an introduction to the adaptations specific to industrial Ethernet. Although the book was written in 2004, and industrial Ethernet has made spectacular progress in the last decade, the technology behind it hasn’t changed very much.
Articles explaining the technology in an easy way
without commercial intent or preference
for a particular product or protocol