Finding Severity Ingrid Finding severity measures the amount of risk that a given security finding introduces. Refer to the Asset Risk Matrix for details on the following measurement criteria: The finding severities of Compromised Systems and User Behavior findings depends on the risk vector. The finding severities of Diligence findings (except Patching Cadence and Mobile Application Security) depends on their finding grades. Patching Cadence finding severity is based on the vulnerability’s Bitsight severity. Features Finding severity is leveraged in the following features: Asset Risk Matrix Assets Attack Surface Analytics Issue Tracking May 31, 2024: Published. Related articles Issue Tracking: Asset Risk Matrix How are Bitsight Security Ratings Calculated? Vulnerability Severity: Bitsight Severity & CVSS Risk Categories: Overview Finding Behavior Feedback 0 comments Please sign in to leave a comment.