How are the Patching Cadence and TLS/SSL Configurations Risk Vectors Different?

Patching Cadence covers a wide range of software vulnerabilities. Unlike other Diligence risk vectors, it focuses on a company's average response time, rather than if the issue is resolved.

Not every TLS/SSL Configurations issue is related to a vulnerability published by the National Vulnerability Database (NVD) and not all Patching Cadence records are specifically related to TLS/SSL Configurations.

Examples: A vulnerability has not been declared for Diffie-Hellman Primes shorter than 2048 bits, even though industry researchers agree that it is a security risk.

Use the Vulnerability Catalog report to get a list of vulnerabilities that are tracked in the Bitsight platform.