Is your feature request related to a problem? Please describe.
The guide already explains risk-based prioritization around CISA Known Exploited Vulnerabilities and BOD 22-01. A practical gap for readers is turning a scanner/export list of CVEs into a small remediation due-date queue without uploading data into another service.
Describe the solution you'd like
Consider adding this as an external practical tool/resource near the CISA KEV / BOD 22-01 material:
It is a free, open-source, browser-only worksheet that extracts CVE IDs from pasted text or scanner output, matches them locally against a bundled CISA KEV catalog snapshot, sorts overdue/due-soon items, and exports Markdown, CSV, and ICS planning artifacts. It does not require signup and does not use cookies, analytics, beacons, external scripts, uploads, or browser storage.
Describe alternatives you've considered
The guide can continue linking only to the official CISA catalog/BOD sources, and teams can build their own spreadsheet from scanner output. The suggested link is meant as an optional hands-on companion for deadline planning, not a replacement for CISA or vendor sources.
Description, Use Case and User Stories
- As a security manager or cyber defender, I can paste a list of CVEs from scanner notes and quickly see which entries are in the CISA KEV catalog.
- As an incident-response or vulnerability-management operator, I can export a due-date queue for review without sending the CVE list to a server.
- As a reader of this guide, I can move from the KEV/BOD prioritization concept to a small practical planning worksheet.
Definition of Ready
Maintainers can verify the live page, source repository, MIT license, CISA KEV data source links, and the no-signup/no-tracking posture. The current bundled snapshot is documented on the page and in the README.
Acceptance Criteria
If it fits the guide, add it as an external practical tool/resource with copy that keeps the boundary clear: unofficial worksheet, not CISA affiliation, not legal advice, not security advice, not remediation advice, not a scanner, and not a substitute for checking current CISA/vendor guidance.
Additional context
Disclosure: I maintain this tool. I am suggesting it because it is narrowly aligned with the guide's CISA KEV / BOD 22-01 prioritization topic and is built as a local-first worksheet rather than a hosted data-collection workflow.
Is your feature request related to a problem? Please describe.
The guide already explains risk-based prioritization around CISA Known Exploited Vulnerabilities and BOD 22-01. A practical gap for readers is turning a scanner/export list of CVEs into a small remediation due-date queue without uploading data into another service.
Describe the solution you'd like
Consider adding this as an external practical tool/resource near the CISA KEV / BOD 22-01 material:
It is a free, open-source, browser-only worksheet that extracts CVE IDs from pasted text or scanner output, matches them locally against a bundled CISA KEV catalog snapshot, sorts overdue/due-soon items, and exports Markdown, CSV, and ICS planning artifacts. It does not require signup and does not use cookies, analytics, beacons, external scripts, uploads, or browser storage.
Describe alternatives you've considered
The guide can continue linking only to the official CISA catalog/BOD sources, and teams can build their own spreadsheet from scanner output. The suggested link is meant as an optional hands-on companion for deadline planning, not a replacement for CISA or vendor sources.
Description, Use Case and User Stories
Definition of Ready
Maintainers can verify the live page, source repository, MIT license, CISA KEV data source links, and the no-signup/no-tracking posture. The current bundled snapshot is documented on the page and in the README.
Acceptance Criteria
If it fits the guide, add it as an external practical tool/resource with copy that keeps the boundary clear: unofficial worksheet, not CISA affiliation, not legal advice, not security advice, not remediation advice, not a scanner, and not a substitute for checking current CISA/vendor guidance.
Additional context
Disclosure: I maintain this tool. I am suggesting it because it is narrowly aligned with the guide's CISA KEV / BOD 22-01 prioritization topic and is built as a local-first worksheet rather than a hosted data-collection workflow.