A vulnerability is a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. Vulnerabilities that share common frameworks and events may be part of a vulnerability group (a.k.a. threat group).
Details
Vulnerabilities can have the following details:
- Classification
- An indication that the host is vulnerable.
- CVE ID
- All vulnerabilities have a Common Vulnerabilities and Exposures ID (CVE ID). Use this ID in searches for a vulnerability on the web or in the National Vulnerability Database (NVD). Prominent vulnerabilities can also have a vulnerability name.
- Dynamic Vulnerability Exploit (DVE)
- Predicts the likelihood that a vulnerability will be exploited in the next 90 days by modeling exploitation activity based on threat intelligence.
- Evidence Certainty
- A measure of how certain Bitsight is about a company's detection status.
- Exploit Prediction Scoring System (EPSS)
- Estimates the likelihood that a software vulnerability will be exploited. The higher the percentage, the more likely it is to be exploited.
- Exposure Detection
- A company's protection status from a threat.
- Vulnerability Severity
- The criticality of a vulnerability. It is summarized by Bitsight severity, which follows the Common Vulnerability Scoring System (CVSS).
Resources
- API
- Emerging Security Events
- Presents emerging vulnerabilities.
- Cybersecurity News
- Recent cybersecurity news.
- Vulnerabilities & Infections
- The resource center for major security events.
- Vulnerability Catalog Report
- The Vulnerability Catalog for Security Performance Management.
- Vulnerability Detection
- Vulnerability Detection by application.
- April 3, 2025: Dynamic Vulnerability Exploit (DVE); Linked to the Emerging Security Events card.
- October 18, 2024: Exploit Prediction Scoring System (EPSS).
- March 1, 2024: Linked to products for vulnerabilities.