Publication Date – November 15, 2022
Third-Party Vulnerability Detection provides an improved workflow for third party risk manage (TPRM) teams to access and manage vulnerabilities and exposures - including major security events - to find and remediate threats more quickly within their vendor portfolio.
This page includes:
Navigation Options
CM App: Vulnerability Detection
Vulnerability Overview
The Vulnerability Overview contains the following information:
- Vulnerabilities detected in Portfolio – A chart showing confirmed vulnerabilities detected in your portfolio out of all Bitsight-supported vulnerabilities.
- Exposure 14 day Trend – The number of trending vulnerabilities during the past 14 days.
- Recently Supported Vulnerabilities – Vulnerabilities that were most recently added to the Bitsight platform.
Vulnerability Detection Details
Select the Download button to export this data as a CSV.
| Field | Description | Filters |
|---|---|---|
| Currently Exposed | The number of companies exposed to this vulnerability in the past 60 days. | Select a range on the number of companies that are currently exposed. |
| Exposure Trend | The trend in the number of companies in your portfolio that are exposed to this vulnerability. |
|
| First Seen | The date when this vulnerability was first detected in your portfolio. | Include vulnerabilities that were first seen in the past:
|
| Previously Exposed | The number of companies exposed to this vulnerability over 60 days ago. | No |
| Severity Details | The CVSS score of this vulnerability. Learn more about the difference between Bitsight Severity and the CVSS scoring models. | 0-10 CVSS v3 score. |
| Vulnerability | The name of this vulnerability. | Search bar. |
Additional Filters
- Folder: Use the context switcher to specify a tier and then include this to also filter by folder.
- Tier: Use the context switcher to specify a folder and then include this to also filter by tier.
- Vulnerability Detected: Include only detected vulnerabilities.
Vulnerability Evidence
Select a vulnerability to get details about the vulnerability. The evidence details includes:
- Vulnerability details (name, description, severity, and remediation tips).
- Your portfolio’s current exposure to the vulnerability.
- Exposure statistics (current, previous, and total).
Fields
Select the Download Overview button at the top-right to download a PDF of the selected vulnerability’s details.
| Field | Description | Filters |
|---|---|---|
| Company Name | The name of this company. | Search bar. |
| Evidence Certainty | The level of certainty that a vulnerability has been confirmed to exist and poses a risk. | Yes |
| First Seen | The date when this vulnerability was first detected for this company. | Include vulnerabilities that were first seen in the past:
|
| Last Seen | The date when this vulnerability was last detected for this company. | Include vulnerabilities that were last seen in the past:
|
| Tier | The tier of this company. | Ensure the All Companies folder is selected in the context switcher and then:
|
Company Details
Select a company to view evidence details for that vulnerability. The details include:
- First seen & last seen dates.
- A summary of the exposure.
- Evidence records pertaining to this company.
- A workflow for inviting a vendor to collaborate via the Enable Access Program.
- A downloadable report for quick-sharing.