There Are Too Many CVEs. Let’s Just Play Video Games.

February 03, 2022

Story

As of this writing, a total of 167,516 records are published at cve.mitre.org. CVE records do not contain technical data, rather just a brief description of the security vulnerability or exposure and references that often point to vulnerability reports and advisories published in places like the U.S. National Vulnerability Database (NVD) and CERT/CC Vulnerability Notes Database.

Still confused about CVEs and the problems they produce? Let’s just call it quits and play video games.

timesys just released a fun (and addicting) game, CVE Invaders, that takes its name and basic gameplay from the ‘80s arcade game Space Invaders. In it, you fend off cyber threats that appear in the form of large CVEs and small bugs using techniques that include whitelisting, updating, and patching.

The weaknesses of specific bugs and CVEs can be revealed by running a Vigiles scan. The in-game scan is a proxy for timesys’ real-world Vigiles vulnerability monitoring and remediation solution that integrates triage tools, filtering, and a security feed from your software bill of materials with a curated CVE database to protect against cyber threats. In the game, the scan reveals which technique you can use to defeat your enemies.

If you clear enough bugs and CVEs to meet the level’s minimum security requirements, you move on to the next level.

All you need to play is a monitor, keyboard, and mouse/cursor. If you’re currently, working in an office, you might also need another application you can switch to quickly if the boss walks by.

Start level 1 at https://getvigiles.com/cve-invaders.