Glossary · Vulnerability Management
Vulnerability Monitoring
Continual ingestion of public and private vulnerability information against an organisation's asset inventory.
Vulnerability monitoring (ISO/SAE 21434 Clause 8) ingests CVE feeds, vendor advisories, EPSS scores, CISA KEV, and ISAC/ASRG intelligence; correlates them against deployed components (often via SBOMs); and feeds confirmed exposures back into TARA updates and incident response.
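The correlation step described above, as an added example that is not taken from ISO/SAE 21434 or any vendor tool. The SBOM, the advisory records, the EPSS values, the KEV set and the placeholder CVE ids are all constructed, and the routing rule (KEV hits go to incident response, other exposures trigger a TARA update) is an assumption made for illustration.

```python
import json

# Constructed sample inputs; the CVE-style ids are placeholders, not real CVEs.
SBOM = json.loads("""{"components": [
  {"name": "openssl", "version": "3.0.1"},
  {"name": "zlib",    "version": "1.2.13"},
  {"name": "busybox", "version": "1.35.0"},
  {"name": "libcurl", "version": "8.0.0"}]}""")
ADVISORIES = [  # normalised feed records: affected if introduced <= version < fixed
    {"id": "CVE-PLACEHOLDER-0001", "package": "openssl", "introduced": "3.0.0", "fixed": "3.0.7"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "zlib", "introduced": "1.2.0", "fixed": "1.2.12"},
    {"id": "CVE-PLACEHOLDER-0003", "package": "busybox", "introduced": "1.30.0", "fixed": "1.36.0"},
]
EPSS = {"CVE-PLACEHOLDER-0001": 0.02, "CVE-PLACEHOLDER-0002": 0.91, "CVE-PLACEHOLDER-0003": 0.40}
KEV = {"CVE-PLACEHOLDER-0001"}  # ids listed as known exploited


def vtuple(version):
    """Parse a dotted numeric version so that 1.2.13 sorts after 1.2.9."""
    return tuple(int(part) for part in version.split("."))


def correlate(sbom, advisories, epss, kev):
    """Return confirmed exposures for deployed components, most urgent first."""
    deployed = {c["name"]: c["version"] for c in sbom["components"]}
    findings = []
    for adv in advisories:
        version = deployed.get(adv["package"])
        if version is None:
            continue  # component is not in the SBOM, so no exposure
        if not vtuple(adv["introduced"]) <= vtuple(version) < vtuple(adv["fixed"]):
            continue  # deployed version is outside the affected range
        in_kev = adv["id"] in kev
        findings.append({
            "id": adv["id"], "component": f'{adv["package"]}@{version}',
            "kev": in_kev, "epss": epss.get(adv["id"], 0.0),
            # Assumed routing rule, see the lead-in.
            "route": "incident_response" if in_kev else "tara_update",
        })
    # KEV membership outranks EPSS; EPSS orders the remaining findings.
    return sorted(findings, key=lambda f: (not f["kev"], -f["epss"]))


if __name__ == "__main__":
    for finding in correlate(SBOM, ADVISORIES, EPSS, KEV):
        print(finding)
```

The zlib advisory has the highest EPSS score in the sample but produces no finding, because the deployed version is already past the fixed version; a plain string comparison of "1.2.13" and "1.2.12" would happen to agree here, but fails on pairs such as "1.2.13" and "1.2.9", which is why versions are parsed into integer tuples.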
Related terms
CVE: Common Vulnerabilities and Exposures — public identifier for a disclosed security flaw.
EPSS: Exploit Prediction Scoring System — probabilistic likelihood that a CVE will be exploited.
KEV: CISA's Known Exploited Vulnerabilities catalog — CVEs confirmed to be exploited in the wild.
SBOM: Software Bill of Materials — machine-readable inventory of components and dependencies in a build.