Vulnerabilities within the Bitsight platform are classified in the following ways:
- Confirmed: Indicates the host is positively identified to be vulnerable.
- Suspected: The host might be vulnerable due to the type of detected software, but might not be vulnerable due to the uncertain patching or configuration status. This context can help narrow the field of investigation or vendor inquiry, yet does not impact the calculation of the Bitsight rating.
A single vulnerability might result in both suspected and confirmed findings. Any vulnerability with both suspected and confirmed findings is classified as “confirmed.”