Hello CVE

by Nicolas Crocfer

What is Saucs?

Saucs.com is a platform dedicated to IT security, built on the well-known vulnerability management standards (CVE, CPE, CWE, CVSS).

The operation is simple: you subscribe in 1 click to a vendor (or one of its products), and you receive an alert as soon as we detect a new CVE or an update to one.

Why and how?

It started as a personal need: as two devops, we manage software and hardware products every day. Like anything in IT, they are potentially vulnerable from one version to another.

We must follow their security updates, which is a day-to-day job and time-consuming.

Luckily the CVE standard already exists and provides us with this information, but the data is not easily queryable: we must check every CVE to see whether we are impacted.

Saucs' goal is to provide this layer and automate everything: our robots check the CVE update list, parse the XML feed and format it. Then you can subscribe to the vendors and products you want, and you receive an email as soon as we detect a new change that will interest you.

The internal workflow will be detailed in an upcoming article.
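The matching step described above (parse the feed, map each CVE to vendors and products through its CPE names, alert subscribers on new or updated entries), as an added sketch that is not Saucs' own code. The feed layout, CVE ids, vendor names and function names are constructed for illustration; only the CPE 2.2 URI form `cpe:/part:vendor:product:version` is standard.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed: simplified layout, placeholder CVE ids and vendor names.
FEED = """<feed>
  <entry id="CVE-0000-0001" modified="2017-01-10T09:00:00">
    <cpe>cpe:/a:examplevendor:webserver:2.4.1</cpe>
    <cpe>cpe:/a:examplevendor:webserver:2.4.2</cpe>
  </entry>
  <entry id="CVE-0000-0002" modified="2017-01-11T12:30:00">
    <cpe>cpe:/o:othervendor:router_os:1.0</cpe>
  </entry>
  <entry id="CVE-0000-0003" modified="2017-01-09T08:00:00">
    <cpe>cpe:/a:thirdvendor:tool:0.9</cpe>
  </entry>
</feed>"""

def cpe_vendor_product(uri):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version...) into (vendor, product)."""
    fields = uri[len("cpe:/"):].split(":")
    if not uri.startswith("cpe:/") or len(fields) < 3:
        return None  # malformed, or too short to name a product
    return fields[1].lower(), fields[2].lower()

def parse_feed(xml_text):
    """Yield (cve_id, modified, {(vendor, product), ...}) for each entry."""
    # For a feed fetched over the network, a hardened parser such as defusedxml is safer.
    for entry in ET.fromstring(xml_text).iter("entry"):
        affected = {vp for c in entry.iter("cpe") if (vp := cpe_vendor_product(c.text or ""))}
        yield entry.get("id"), entry.get("modified"), affected

def alerts(xml_text, subscriptions, seen):
    """subscriptions: user -> {(vendor, product_or_None)}; seen: cve_id -> last modified."""
    out = []
    for cve_id, modified, affected in parse_feed(xml_text):
        if seen.get(cve_id) == modified:
            continue  # unchanged since the last run: no alert
        kind = "update" if cve_id in seen else "new"
        seen[cve_id] = modified
        for user, subs in sorted(subscriptions.items()):
            # A subscription with product None covers every product of that vendor.
            if any((v, p) in subs or (v, None) in subs for v, p in affected):
                out.append((user, cve_id, kind))
    return out
```

Keeping the `seen` state between runs is what separates a "new" CVE from an "update", and it also prevents the same unchanged entry from triggering an alert twice.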

And next?

First we used it for our personal alerts, and then we wanted to know whether the concept could be useful to other people, so we launched the website last week in this tweet: we received nearly 500 new registrations in 5 days and lots of positive feedback, with just one single tweet!

So we know that it’s a service that suits you, and we’ll work hard in the next weeks to provide you with new features. We have a lot of ideas, for example:

  • alert customization (you choose frequency and filters),
  • new notification types (Slack, Mattermost, RSS feed, callback URL, …),
  • CVE comments,
  • new sources (Debian DSA, ExploitDB, …),
  • API / SDK,
  • Mobile apps,
  • … and others :)

Of course this list is not exhaustive: if you have any further needs, please do not hesitate to tell us.

The team

There are 2 of us devops working on this platform: Nicolas Crocfer (the dev) and Laurent Durnez (the sys). You can contact us through Twitter if you have any questions or feedback.