- July 18, 2023: Finding grading clarification.
- April 19, 2023: 2023 RAU weight adjustment.
- October 20, 2021: Ratings Algorithm Update 2021.
The Mobile Software risk vector assesses the supported or unsupported status of the software version. The usage of mobile software is not required to improve an organization's cyber security posture.
Field | Description | Details & Values |
---|---|---|
Lifetime | The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period. | 65 Days |
Low Finding Visibility | The letter grade if there are no findings or finding visibility is low. Either: | The impact of this grade towards the rating is equivalent to an A. This is designed to not have a negative impact on the rating. |
Refresh | The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., when Diligence findings are newly observed or an existing finding is remediated. | |
Automated Scan Duration | The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations. | Not Applicable |
User-Requested Refresh Duration | The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated. | Not Available |
Grace Period | An unsupported piece of software begins to impact the grade 28 days after it officially becomes unsupported. | 28 Days |
Weight | Out of 70.5% in Diligence. | 1% |
Finding Grading
Mobile Software findings are a combination of the evaluated operating system (OS) and browser, which are graded independently from one another. The Mobile Software finding grade represents the calculated combination of the OS and browser.
See: