CISA BOD 22-01 and Known Exploited Vulnerabilities
Does Flexera have any intention to somehow integrate the new CISA Known Exploited Vulnerabilities list (Reducing the Significant Risk of Known Exploited Vulnerabilities), announced as part of CISA BOD 22-10 (cyber.dhs.gov - Binding Operational Directive 22-01)?
It sounds like this is similar to the Threat rating offered by Flexera, but I would love to be able to include/exclude vulnerabilities in Smart Groups based on their presence on the new CISA list. Or as a toggle within Smart Group Results (secure, end of life, insecure, CISA list).
Thanks for your question. We consider a very broad range of vulnerability intelligence as sources for our advisories, including this. However, we do not currently have plans to expose this as distinct metadata. If this specific source is of special value to you and you would like to see it surfaced as a detail on which you might base a smart group, please suggest such as an enhancement request in our Ideas portal at https://flexerasfdc.ideas.aha.io/ideas?project=SVM so we can better track this request and consider the interest of other customers as part of our prioritization process.