Are detected CVEs continuously monitored regarding status changes?

The answer is yes!

Example: The notification page shows both added and removed CVEs.

  1. MAIA detects a new CVE affecting a component that is included in a number of deliveries.
  2. All deliveries that has monitoring activated generates a notification message and email.
  3. When opening the NVD page a undergoing reanalysis message is presented.

  1. We decide to wait for the result of the reanalysis before making any evaluations on the CVE.
  2. Ticking off the notification.
  3. A new notification message appears. Removed CVE messages this time. What does that mean?

  1. A previously detected CVE has been rejected and all affected deliveries that are monitored in MAIA have been updated.