OWASP CVE Assessment Guide

The purpose of this project is to reduce the noise created by the overwhelming number of CVEs, particularly those affecting third-party libraries, by helping teams prioritize real, exploitable vulnerabilities over theoretical or low-impact ones. It provides a curated and comprehensive list of frameworks that serve as a starting point for analyzing and assessing CVEs in specific contexts, enabling more informed and efficient vulnerability management.

Road Map

Quarter 1: Foundation & Planning

  • Finalize project scope and objectives.
  • Identify and evaluate existing CVE assessment frameworks.
  • Set up project infrastructure (GitHub repo, OWASP project page, Slack channel, etc.).

Quarter 2: Initial Content Development

  • Create the first version of the CVE assessment guide.
  • Collect common feedback from the community to enrich the guide.
  • Draft a methodology for assessing CVEs based on the shared feedback.

Quarter 3: Community Engagement & Feedback

  • Share the initial draft with the OWASP community for feedback.
  • Host a webinar or community call to present the project and gather input.
  • Incorporate feedback and refine the guide.
