The 2024 Ratings Algorithm Update (RAU) is set to take place on June 26, 2024. It includes a single change, to the lifetime of remediated findings for the Patching Cadence risk vector. The Patching Cadence lifetime is decreased from 300 days to 90 days, so a remediated finding stops impacting the rating 210 days sooner than it would have under the current algorithm.
The Patching Cadence risk vector will remain otherwise unchanged and continue to constitute a 20% weight (out of the 70.5% Diligence risk category weight) towards the overall Bitsight rating.
We will provide a ratings preview 90 days before the update, allowing users to compare how the current and updated algorithms impact ratings. Refer to the 2024 RAU frequently asked questions to learn why we update our ratings algorithm and how these changes might affect you.
About the Patching Cadence Lifetime
Patching Cadence measures how long, on average, known vulnerabilities remain unpatched. Once a vulnerability is detected as patched, the finding begins to decay, losing its impact on the risk vector and overall rating over a period of time. The period during which a Patching Cadence finding has been identified as remediated but still impacts the rating is called its “lifetime.”