A vulnerability is a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. Vulnerabilities that share common frameworks and events may be part of a vulnerability group (a.k.a. threat group).
Details
Vulnerabilities can have the following details:
- Classification
  - An indication that the host is vulnerable.
- CVE ID
  - All vulnerabilities have a Common Vulnerabilities and Exposures ID (CVE ID). Use this ID to search for a vulnerability on the web or in the National Vulnerability Database (NVD). Prominent vulnerabilities can also have a vulnerability name.
- Evidence Certainty
  - A measure of how certain Bitsight is about a company's detection status.
- Exploit Prediction Scoring System (EPSS)
  - Estimates the likelihood that software will be exploited. The higher the percentage, the more likely it is to be exploited.
- Exposure Detection
  - A company's protection status from a threat.
- Vulnerability Severity
  - The criticality of a vulnerability. It is summarized by Bitsight severity, which follows the Common Vulnerability Scoring System (CVSS).
Resources
- Recent cybersecurity news.
- Vulnerabilities & Infections resource centers.
- Cataloged Threats API for Vulnerability Detection.
- Vulnerability Catalog Report for Security Performance Management.
- Vulnerability Detection
- October 18, 2024: EPSS.
- March 1, 2024: Linked to products for vulnerabilities.
- August 2, 2023: Exposure Detection field.