CVE Statements - October 16, 2025

Erin Conry

We’re introducing CVE Statements, a new feature that helps you and your vendors provide context about vulnerabilities found in Bitsight’s Vulnerability Detection.

CVE Statements let you clarify your view of a CVE: whether your organization is not affected, still reviewing, or has chosen to accept the risk. These statements appear alongside Bitsight’s independent findings and help reduce confusion in first- and third-party risk workflows.

CVE Statements are self-attested by each company, managed independently from Bitsight’s evidence, do not influence ratings, and remain unchanged unless manually updated.

SPM users can:

- Mark CVEs as Not Vulnerable, Under Review, or Risk Accepted
- Choose to make statements internal (private) or external (visible in the CM app)
- Filter and save views to streamline triage and hide irrelevant data

CM users can:

- View vendor statements when shared
- Filter by vendor input (e.g., No Statement, Not Vulnerable)
- Reach out via Vendor Access to request missing context

Available in:

- Exclusively with the External Attack Surface Enhanced module in the Security Performance Management application
- All users in Continuous Monitoring (CM)

October 16, 2025: Published.