Lifetime by Risk Vector Ingrid Lifetime is the number of days a finding impacts the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. This is defined by the number of days a finding will impact the risk vector grade. Learn why findings have a decay and lifetime period. Compromised Systems The lifetime of Compromised Systems risk vectors is 180 days. Botnet Infections Spam Propagation Malware Servers Unsolicited Communications Potentially Exploited Diligence SPF Domains = 60 Days DKIM Records = 60 Days TLS/SSL Certificates = 60 Days TLS/SSL Configurations = 60 Days Open Ports = 60 Days Web Application Security = 60 Days Patching Cadence = 90 Days Insecure Systems = 60 Days Server Software = 60 Days Desktop Software = 65 Days Mobile Software = 65 Days DNSSEC = 60 Days Mobile Application Security = 1 Year Web Application Headers = 60 Days DMARC = 60 Days Domain Squatting = Not applicable User Behavior File Sharing = 60 Days Exposed Credentials = Not applicable Public Disclosures Security Incidents = Ratings-impacting events have a 120-day half life starting from the effective date. The impact reduces by half after 120 days, and then steadily minimizes. Individual events completely stop impacting the rating after 2 years. Other Disclosures = Not applicable. July 10, 2024: The Patching Cadence lifetime is 90 days. January 31, 2024: The Patching Cadence lifetime is subject to change for the 2024 RAU. December 12, 2023: Incorporated 2-year lifetime from RAU 2023 for Security Incidents. Related articles What is a Finding Lifetime? Patching Cadence Risk Vector Botnet Infections Risk Vector How is the Web Application Headers Risk Vector Assessed? 2024 Ratings Algorithm Update – March 26, 2024 Feedback 2 comments Sort by Date Votes Elaine Tiller June 06, 2024 17:56 You need to update the lifetime on Patching - thanks 0 Ingrid June 07, 2024 13:48 We will update the documentation on Patching Cadence lifetime when the 2024 Ratings Algorithm Update goes into effect - ETA July 10. 0 Please sign in to leave a comment.