In the Vulnerability Detection feature, evidence certainty describes how conclusively Bitsight's evidence shows that a company is exposed to or has mitigated a vulnerability. Evidence is classified based on two metrics: detection and certainty.
| Certainty | Detection: Exposure | Detection: Mitigation |
| --- | --- | --- |
| Possible | Exposure Possible: The evidence generally indicates that the company in question is unprotected from a threat. Evidence Example: | Mitigation Possible: The evidence generally indicates that the company in question is protected from a threat. Evidence Example: |
| Likely | Exposure Likely: The evidence specifically indicates that the company in question is unprotected from a threat. Evidence Example: | Mitigation Likely: The evidence specifically indicates that the company in question is protected from a threat. Evidence Example: |
| Confirmed | Exposure Confirmed: The evidence confirms that the company is unprotected from a threat. Evidence Example: | Mitigation Confirmed: The evidence confirms that the company is protected from a threat. Evidence Example: |
Evidence examples are non-exhaustive; they may not apply to or be available for all vulnerabilities in our catalog.
Detection
A company's protection status from a threat.
- Exposure: The state of being unprotected from a threat.
- Mitigation: The state of being protected from a threat.
Certainty
A measure of how certain Bitsight is about a company's detection status.
- Possible: The evidence generally indicates that the company in question is or is not protected from a threat.
- Likely: The evidence specifically indicates that the company in question is or is not protected from a threat.
- Confirmed: The evidence confirms that the company is or is not protected from a threat.
- February 8, 2024: Added descriptions of each evidence certainty type.
- January 31, 2024: Updated scale.
- April 28, 2023: Published.