From CVE to remediation, in three deterministic steps.
Bind each CVE to a `(provider, service, resource_type)` tuple with a template URL/ARN/locator. Slots — known, derived, opaque or omitted — encode exactly what an operator must resolve.
Consumers turn templates into provider identifiers using the dictionary library, then check the exposure window — when the resource was vulnerable, when the provider shipped a fix, and whether your specific resource has propagated past it.
CRIT records ride inside the CVE 5.x ADP container as `x_crit`, carrying `vex_status`, `fix_propagation`, `shared_responsibility` and `resource_lifecycle` — spec-bound enums with cross-field consistency the validator enforces.
Built for the cloud stack you actually run.
30+ provider dictionaries shipped in the spec library — Tier-1 hyperscalers, Tier-2 IaaS, and Tier-3 SaaS — all addressable through the same template grammar.
A standards-track answer to "which cloud resource does this CVE actually affect?"
Paste a CRIT record, a CVE 5.x record with x_crit, or a vector string. Instant JSON Schema validation, vector round-trip checks, dictionary resolution — nothing leaves your browser.
Try it →CVSS-style compact encoding. CRITv0.3.0/CP:AW/VS:FX/FP:RR/SR:SH/RL:SM/… — deterministic, parseable, signable, byte-equal on round-trip.
AWS, Azure, GCP, Cloudflare, Oracle, Salesforce, SAP, ServiceNow plus 20+ extended providers covering Tier-2 IaaS and Tier-3 SaaS — all shipped in the spec library.
Browse providers →CRIT records embed in CVE 5.x via the ADP container's x_crit array. The validator parses both single-record and CVE-with-x_crit shapes.
vex_status, fix_propagation, shared_responsibility, resource_lifecycle — spec-bound enums with cross-field consistency rules the validator checks.
Independent submission to the IETF — draft-vulnetix-crit-02. Published under the Trust Provisions. Apache 2.0 implementation reference.
IETF datatracker →