Server Software Risk Vector: Core Overview

Ingrid

The Server Software Risk Vector tracks security problems introduced by software that is no longer supported. Supported software gets attention from the development team and vendor, so they can address bugs and vulnerabilities that are discovered.

Risk Category: Diligence
Default Grade: A
Current Rating Impact: 2%
Finding Lifetime: 60 Days (the duration a finding impacts your grade if no changes occur)
Scan Cadence: Automated every 8 days (or ~3 days via user-requested rescan); daily automated scans for EASM Enhanced customers
Eligible for Instant Reply? Yes

This data can be used to create a rich picture of the software used by an organization, making it simple to maintain a robust, up-to-date array of server software applications in an organization’s IT infrastructure.

Please note: We cannot make any special exemptions with regard to the impact of this risk vector if an organization’s business requirements depend on outdated or insecure server software applications. Please open a ticket with Bitsight Support if you would like to discuss your Server Software findings.

Where can I view my Server Software Grades and Findings?

SPM App: Findings ➔ Findings Table
CM App: Select a company from your Companies List. Go to Vendor Risk ➔ Findings
Insurance App: Select a company from your Companies List. Go to Client Risk ➔ Findings
Bitsight API: GET /v1/companies/company_guid/findings?risk_vector=server_software

Terms that are Good to Know

Backported: As a courtesy to their customers, some software vendors will duplicate security and bug fixes from their most recent, supported versions of their software to certain older versions which would otherwise pose a security risk. Learn more about backports.

Deprecated: Deprecated software versions are those for which newer versions are available, and the software vendor has declared they are ending support for that particular version.

Operating System: System software that manages computer hardware and software resources and provides common services for computer programs. Examples: Microsoft Windows, Linux, Unix, Mac OS.

Operating System Distribution: A variation on an operating system that is distributed by a vendor. Ubuntu and Debian are distributions of Linux. BSD is a distribution of Unix. Windows and Mac OS do not have distributions.

Outdated/Out-of-date: A software version which could be supported, but needs a minor update (patch) first.

Package: A software package is specific to an operating system distribution.

Patch: A patch is an improvement made to software on a specific operating system distribution.

Supported: Software versions which are supported have the latest bug fixes and security fixes, and present the least risk to businesses that use them.

Unsupported: Software versions which are unsupported are known to have bugs or security holes, and the continued use of unsupported software creates a liability for businesses that don't upgrade to newer versions.

Did this not fully answer your question? Learn more about Bitsight's Data Collection Methods.

What Operating Systems does Bitsight support
What Server Software does Bitsight support

October 23, 2025: Daily automated scans for EASM Enhanced customers.
June 25, 2025: Instant Reply for user-requested rescans.
March 25, 2024: “No findings/low findings” changed to “insufficient data.”
November 10, 2023: Linked to finding messages.