Finding severity measures the amount of risk that a given security finding introduces. Refer to the Asset Risk Matrix for details on the following measurement criteria:
- The finding severities of Compromised Systems and User Behavior findings depends on the risk vector.
- The finding severities of Diligence findings (except Patching Cadence and Mobile Application Security) depends on their finding grades.
- Patching Cadence finding severity is based on the vulnerability’s Bitsight severity.
Features
Finding severity is leveraged in the following features:
- May 31, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.