Vulnerator - the vulnerability parsing utility.

Vulnerator – the vulnerability parsing utility.

The Mission
Vulnerator has been designed to assist U.S. Department of Defense (DoD) cybersecurity analysts with the daunting task of consolidating vulnerability data from the numerous sources that have been mandated:
– The Assured Compliance Assessment Solution (ACAS)
– Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
– Security Content Automation Protocol (SCAP) content parsed via ACAS or the SCAP Compliance Checker (SCC)1
– Windows Automated Security Scanning Program (WASSP)


Software Security
With the move from SoftwareForge to the public domain, the integrity of the application has recently been thrust into the limelight. To ensure the application is secure, please note the following measures:
+ @amkuchta has personally had his hand in every line of code in the application – there is not a single file that has not been touched, modified, or updated by him
+ Only four GitHub users have the power to update the application. This means that although anybody can fork the repository and change their personal repo, only one of the four “gatekeepers” can authorize a change to the master branch
+ Each release is listed with both an MD5 and SHA256 checksum value – after you download the application, I encourage you to check the hash yourself to ensure that you downloaded what you expected
+ If the above measures are not enough, please feel free to create your own fork of the repository and compile the application yourself – this will allow you to do a manual code review to ensure that no malicious lines exist before creating an executable.



Download: MB)