Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Exposure Detection & Evidence Certainty

Ingrid

⇤ Vulnerability

Exposure detection and evidence certainty describes how conclusively evidence shows that a company is exposed to or has mitigated a vulnerability.

Evidence examples are non-exhaustive; they may not apply to or be available for all vulnerabilities in our catalog.

  Detection
Exposure Mitigation
Certainty Possible
Exposure Possible

The evidence generally indicates that the company in question is unprotected from a threat.

Evidence Example:
Relationship indicates
Provider software in use
Mitigation Possible

The evidence generally indicates that the company in question is protected from a threat.

Evidence Example:
Non-vulnerable records found
Likely
Exposure Likely

The evidence specifically indicates that the company in question is unprotected from a threat.

Evidence Example:
Specific software in use
Version in use
Mitigation Likely

The evidence specifically indicates that the company in question is protected from a threat.

Evidence Example:
Long time since detection
Confirmed
Exposure Confirmed

The evidence confirms that the company is unprotected from a threat.

Evidence Example:
Version in use, patching required
Vulnerable configuration
Mitigation Confirmed

The evidence confirms that the company is protected from a threat.

Evidence Example:
Patching records found

Exposure Detection

Exposure detection indicates a company’s current status to being exposed to a vulnerability. Use this to assess immediate risk and prioritize your remediation efforts.

Field Description

Exposure

Slug name: currently or EXPOSED

 Vulnerabilities were detected within the last 60 days and may actively be impacting the company.

Mitigation

Slug name: previously

 Vulnerabilities were detected more than 60 days ago. There’s evidence of mitigation or there’s no evidence of exposure in the past 60 days.

Evidence Certainty

A measure of how certain we are about a company's detection status.

Certainty Level Description

Possible

Slug name: POSSIBLE

 The evidence generally indicates that the company in question is or is not protected from a threat.

Likely

Slug name: LIKELY

 The evidence specifically indicates that the company in question is or is not protected from a threat.

Confirmed

Slug name: CONFIRMED

 The evidence confirms that the company is or is not protected from a threat.
  • November 15, 2024: Evidence certainty slug names.
  • October 17, 2024: Added slug names for exposure detection values in the API.
  • February 8, 2024: Added descriptions of each evidence certainty type.

Related articles

Feedback

0 comments

Please sign in to leave a comment.