Vulnerability Classification

Ingrid

Vulnerabilities within the Bitsight platform are classified in the following ways:

Confirmed
Indicates the host is positively identified to be vulnerable.

Suspected
The host might be vulnerable due to the type of detected software, but might not be vulnerable due to the uncertain patching or configuration status. This context can help narrow the field of investigation or vendor inquiry, yet does not impact the calculation of the Bitsight rating.

A single vulnerability might result in both suspected and confirmed findings. Any vulnerability with both suspected and confirmed findings is classified as “confirmed.”

November 15, 2022: Published.