How are the Patching Cadence and TLS/SSL Configurations Risk Vectors Different? Ingrid Patching Cadence covers a wide range of software vulnerabilities. Unlike other Diligence risk vectors, it focuses on a company's average response time, rather than if the issue is resolved.Not every TLS/SSL Configurations issue is related to a vulnerability published by the National Vulnerability Database (NVD) and not all Patching Cadence records are specifically related to TLS/SSL Configurations.Examples: A vulnerability has not been declared for Diffie-Hellman Primes shorter than 2048 bits, even though industry researchers agree that it is a security risk.Use the Vulnerability Catalog report to get a list of vulnerabilities that are tracked in the Bitsight platform. September 23, 2019: Published. Related articles How is the Patching Cadence Risk Vector Assessed? Windows Extended Support and Extended Security Upgrades (ESU) CM App: Companies List How are Bitsight Security Ratings Calculated? TLS/SSL Finding Remediation & Remediation Verification Feedback 0 comments Please sign in to leave a comment.