- November 10, 2023: Linked to finding messages.
- August 16, 2023: New Grading & Finding Behavior sections.
- May 11, 2020: Updated risk vector description.
The Server Software risk vector tracks security problems introduced by software that is no longer supported. Supported software gets attention from the development team and vendor, so they can address bugs and vulnerabilities that are discovered.
This data can be used to create a rich picture of the software used by an organization, making it simple to maintain a robust, up-to-date array of server software applications in an organization’s IT infrastructure.
- Data Collection Methods
- Supported Operating Systems
- Supported Server Software
- What is the difference between supported and unsupported software?
- Leaves bugs and vulnerabilities unpatched.
- Exposes organizations to software bugs that can be exploited by attackers and may disrupt business continuity.
The use of server software is not required to improve an organization’s cyber security posture. Therefore, there’s no penalty or negative impact to the rating in the absence of Server Software findings.
(Out of 70.5% in Diligence)
- Identify out-of-date server software installations and update them.
- Ensure the organization has critical server software set to auto-update, if applicable. If some of the organization’s production applications depend on certain unsupported versions, their software development teams will need to integrate the newer versions into their code base.
- Consult your operating system vendors’ software repositories and release notes for more information on supported server software for your organization.
Automated: 8 Days
User-Requested: 2-3 Days
A new finding is created and the old one needs to complete its lifetime.
The refresh status of the old finding becomes Asset Not Reached.