What is a Vulnerability? Ingrid A vulnerability is a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. Vulnerabilities that share common frameworks and events may be part of a vulnerability group (a.k.a. threat group).DetailsVulnerabilities can have the following details: Classification An indication that the host is vulnerable. CVE ID All vulnerabilities have a Common Vulnerabilities and Exposures ID (CVE ID). Use this ID in searches for a vulnerability on the web or in the National Vulnerability Database (NVD). Prominent vulnerabilities can also have a vulnerability name. Dynamic Vulnerability Exploit (DVE) Predicts the likelihood that a vulnerability will be exploited in the next 90 days by modeling exploitation activity based on threat intelligence. Evidence Available Indications when evidence of exposure is available. Evidence Certainty A measure of how certain Bitsight is about a company's detection status. Exploit Prediction Scoring System (EPSS) Estimates the likelihood that a software will be exploited. The higher the percentage the more likely it’s to be exploited. Exposure Detection A company's protection status from a threat. Vulnerability Severity The criticality of a vulnerability. It is summarized by Bitsight severity, which follows the Common Vulnerability Scoring System (CVSS). Bitsight uses the CVSS to determine the Severity of VulnerabilitiesSome vulnerabilities are more critical than others. They carry a greater weight than less critical vulnerabilities that are observed over the same time period.Criticality is summarized by Bitsight severity. Bitsight severity is based on the Common Vulnerability Scoring System (CVSS), a scoring system that uses various properties of the vulnerability for determining its level of severity. Bitsight uses CVSS v.3.0 for scoring in the platform. Bitsight Severity: Minor Slug name: minor CVSS: 0.0 - 3.9 Bitsight Severity: Moderate Slug name: moderate CVSS: 4.0 - 6.9 Bitsight Severity: Material Slug name: material CVSS: 7.0 - 8.9 Bitsight Severity: Severe Slug name: severe CVSS: 9.0 - 10.0 Resources API Threats API Endpoint Emerging Security Events Presents emerging vulnerabilities. Cybersecurity News Recent cybersecurity news. Vulnerabilities & Infections The resource center for jajor security events. Vulnerability Catalog Report The Vulnerability Catalog for Security Posture Management. Vulnerability Detection Vulnerability Detection by application: Continuous Monitoring Security Posture Management Cyber Insurance March 19, 2026: Security Posture Management rebrand. July 8, 2025: Evidence available. April 3, 2025: Dynamic Vulnerability Exploit (DVE); Linked to the Emerging Security Events card. October 18, 2024: Exploit Prediction Scoring System (EPSS). Related articles Exposure Detection & Evidence Certainty GET: Finding Details Vulnerability Classification Request a New Vulnerability TLS/SSL Finding Remediation & Remediation Verification Feedback 0 comments Please sign in to leave a comment.