Release Notes Ingrid This article is updated on a regular basis. Select the Follow button at the top-right of the page to be notified of changes to this article via email. You can also follow any of the What's New sections to be notified of newly published articles in those sections. 13-JAN-2026 Continuous Coverage Expansion - January 2026 Update Starting from mid January 2026, Bitsight customers will begin to see an increase in findings discovered by Bitsight (powered by Groma enhancements). With Continuous Coverage Expansion January update, our customers can expect: ✔ Broader visibility into their attack surface, more findings, more assets ✔ 90-day incubation period to review and remediate the findings before they become rating impacting Any updates arriving from Groma under “Continuous Coverage Expansion” are global for all customers and Bitsight inventory entities. 16-DEC-2025 Continuous Coverage Expansion - December 2025 Update Starting from mid December, Bitsight customers will begin to see an increase in assets and findings discovered by Bitsight (powered by GIA enhancements). With Continuous Coverage Expansion, our customers can expect: ✔ Broader visibility into their attack surface, more findings, more assets ✔ A 90-day Grace period for the newly discovered domains to allow time to review and remediate the findings before they become rating impacting Any updates arriving from GIA under “Continuous Coverage Expansion” are global for all customers 09-SEPT-2025 Dynamic Remediation: Web Application Security Web Application Security findings that previously had to complete their lifetime when an asset is taken offline (such as removing a DNS record) are now marked as remediated. They stop impacting the rating as soon as the asset is detected as offline. Depending on the existing findings, remediation may impact (positively or negatively) the risk vector grade and/or the headline rating. 31-JUL-2025 Framework Intelligence Enables security and risk teams to upload vendor documentation (e.g., SOC 2 reports, Cyber Assurance Policies) and receive a compliance assessment mapped to frameworks like SIG LITE 2025. It leverages generative AI to surface control gaps, summarize evidence, and support faster, more scalable third-party assessments. 03-JUL-2025 Assignments A centralized view in the Vendor Risk Management application that enhances accountability for Internal Questionnaires, ensures timely completion, and simplifies progress tracking. 25-JUN-2025 History Tab A History tab in the Finding Details sheet for the Findings Table. It shows what happened to that finding (identified by the rolled-up ID). History is conveyed by: User-requested rescans Issue Tracking User-requested rescans An instant response with the results of a rescan. Applicable for TLS/SSL Configurations, Open Ports, and Server Software. 13-JUN-2025 User Roles – None role. 29-MAY-2025 [SPM] Subsidiaries page Show or hide unsubscribed subsidiaries. More streamlined subsidiary data export. Reflects rating impacting and non-impacting risk vectors. 06-MAY-2025 Latest Updates Features Bitsight Pulse Market Level Threat Intelligence in addition to Emerging Security Events. 05-MAY-2025 Archer Integrations – Integration with Bitsight Vendor Risk Management data and Connector V1.0. 28-APR-2025 TMH App: Documents – Upload or download questionnaires directly in the Documents page. Get key offline editing and storage functionality for your data. 24-APR-2025 Tag Inheritance – Enable or disable tag inheritance from the Account Preferences tab. 23-APR-2025 Guest Network Exclusion Remove guest networks from the rating with no loss of attack surface visibility. The exclusion lasts for a renewable 1-year period. Rescanned Findings As part of the Dynamic Remediation initiative, the Rescanned Findings card in the My Company Dashboard shows the number of findings per status and the total number of findings that had a rescan requested. 14-APR-2025 Ratings Change Alert Category Toggle between points or percentage. Be alerted when security ratings decrease or increase by a set percentage or number of points. This is useful for monitoring general fluctuations in a company or country's cyber security posture. 08-APR-2025 Ratings Preview – Prepare for the 2025 Ratings Algorithm Update (RAU). 07-APR-2025 Issue Tracking Remediation status, users assigned to remediate findings, and finding comments with the same rolled up ID can now propagate throughout the same ratings tree. Enable automatic finding rescans when findings are resolved (Remediation Status = Resolved). 03-APR-2025 Emerging Security Events Card Includes Dynamic Vulnerability Exploit (DVE) information. 25-MAR-2025 Identity Intelligence Preview Card Detects and provides, on average, more credentials than the standard Exposed Credentials data. Identity Intelligence also supports password policy filtering, email exclusions, and correlation with identity providers (IdP). 14-MAR-2025 Internal Documents Drag and drop to bulk upload documents. Vendors Monitor vendors flagged during assessments and use Continuous Monitoring subscriptions while adding vendors. 10-MAR-2025 Connections – Revoke connections without restriction and have full control of your data. Revoke connections from: VRM App:Vendors TMH App:Connections 07-MAR-2025 Portfolio Risk Matrix – Stoplight (green, yellow, red) color theme. 03-MAR-2025 Products by CPE Report – The Products by CPE report provides fourth party data. Use this to search for vendors, products, and versions by Common Platform Enumeration (CPE). 28-FEB-2025 Internal Information – Internal information about a vendor. 20-FEB-2025 Company-provided infrastructure now has a 60-day grace period before it impacts your rating. 06-FEB-2025 Unsubscribe from the company search and Companies tab of the Access Control page. 04-FEB-2025 Severe and Material FindingsBitsight filter set. Available for SPM, CM, and Insurance findings. Vulnerability Evidence – Available in Third Party Assets in the Security Performance Management application and in Critical Assets in the Continuous Monitoring application. Portfolio Dashboard – Critical Assets Exposure card. 28-JAN-2025 New TLS/SSL Certificate Finding Fields – Added All Sources and My Company's Sources fields. Security Ratings Timeline – Rating increases are included in the timeline. TMH/VRM User Roles – Vulnerability Response Outreach user role, which allows you to send questionnaires from the Continuous Monitoring application. 10-JAN-2025 Help Menu – Access help content (Knowledge Base and Bitsight Academy), specified by the opened application. 19-DEC-2024 Trust Score Adjustment – Increase or decrease the calculated Trust Score based on relevant information. Instant Insights – Generative AI to extract a document's contents, analyze, and then summarize the contents into deep and actionable insights. 10-DEC-2024 Jira Integration – Allows users to integrate the SPM application and Jira, creating Jira tickets directly from the Findings Table. 27-NOV-2024 Operational Technology Exposure Intelligence – Highlights operational technology (OT) risk and provides global visibility of exposed industrial control system (ICS) devices across supported protocols. TLS/SSL Certificates & TLS/SSL Configuration Findings – Details on TLS/SSL Certificates and TLS/SSL Configurations findings. 30-OCT-2024 Data Residency – Specify your operational region for storing, processing, and managing your Vendor Risk Management and Trust Management Hub data. 29-OCT-2024 Risk Remediation – Use the Risk Remediation forecast to create a forecast using your RRPs. Findings – Most findings are no longer sampled. Companies with over 10 million findings still have sampled findings. 28-OCT-2024 Security Performance Management application – Re-organized the menu. 24-OCT-2024 Anecdotes.ai – Manage compliance programs by automating evidence collection, providing real-time insights, and allowing easy customization of frameworks and controls. 23-OCT-2024 Company Overview & Executive reports localized into Japanese [ja]. 16-OCT-2024 Company Overview & Executive reports localized into German [de] and Spanish [es]. 15-OCT-2024 Executive Summary – A detailed, cumulative report that provides a holistic view of the vendor portfolio. 01-OCT-2024 Public Disclosures Risk Category – DNS incidents are now separated into incidents and findings based on how they're detected. 24-SEP-2024 Financial Quantification – New Results Comparison view. Results delivery is now automated. 17-SEP-2024 SPM Alerts – New SPM alerts experience, including multiple new alert types. 09-SEP-2024 Assessments – Assessments are now available in the Security Performance Management application. Vulnerability Detection – Incorporated Exploit Prediction Scoring System (EPSS), which estimates the likelihood that a software could be exploited. The higher the percentage the more likely it is to be exploited. TMH App: Documents – Share documents (share all & selective sharing). 06-SEP-2024 Findings – Infrastructure tags are displayed in its own column instead of being below each finding. 19-AUG-2024 Peer Analytics – Compare Patching Cadence performance with your peer group. 05-AUG-2024 Artifacts – 'NATF Energy Sector Supply Chain Risk' added to questionnaires. Assessments Overview – A comprehensive view of your assessments, providing insights into the top 5 results for upcoming, ongoing, and completed assessments. 10-JUL-2024 Forecasting – Forecast Patching Cadence findings. 01-JUL-2024 My Company Dashboard – Exposure metrics. 20-JUN-2024 Email Preferences – Be notified when a company you're monitoring is deactivated. 19-JUN-2024 Artifacts – ISO 27001:2022 questionnaire available as an artifact. 04-JUN-2024 Email Preferences – New Vulnerability Notifications available for all subscription types. 29-MAY-2024 Portfolio Dashboard – Vendor Discovery card added. 08-MAY-2024 My Company Dashboard – Vendor Discovery card added. 30-APR-2024 Requirements – Add [Assessment Setup ➔ Requirements] and view [Vendor Profile ➔ Requirements] alternate requirements in the Vendor Risk Management application. 23-APR-2024 Underwriting Guidelines – Include exposure data (vulnerabilities & vulnerability groups). 22-APR-2024 Data Vault – Get underlying data behind Bitsight Security Ratings without the Cyber Insurance application. 11-APR-2024 Subsidiary Improvement – Patching Cadence risk vector added to Subsidiary Improvement plan. Risk Analytics – New color them option added to the Risk Analytics page. 08-APR-2024 Vendor Risk Management Application – Internal Questionnaires page. 12-MAR-2024 class="app-cm"Continuous Monitoring Findings – Filter by multiple assets. Multi-select the assets you want and care about from the Assets page [Infrastructure ➔ Assets] and open them in the Findings page as filters. Use filter sets to save your selection from the Findings page, so you can open this filter with the same assets whenever you return to the Findings page. Filter Sets – You can now create filter sets for multiple assets in the CM and SPM apps. 06-MAR-2024 Provisional Ratings – Once mapped, auto-subscribing is a 1-step process down from 2, just like Bitsight curated ratings. MAR-2024 Emerging Security Events card: The card stays hidden: Now, when you click “hide” on a card, it stays hidden even if you leave the page and come back. Save space: Hidden cards mean more room for other important info on the dashboard. New events still visible: Don’t worry, you won’t miss new threats. The hidden card shows the number of new events, and they’ll still automatically expand for everyone when new info appears (like a new vulnerability). 29-FEB-2024 Connections – Add vendors in bulk. 08-FEB-2024 Infrastructure data quality & collection improvements: Increased asset discovery capability. Improved data quality. 05-Feb-2024 Vendor Risk: Overview – Collaboration panel replaced with Asset Geolocation panel. 31-JAN-2024 Vulnerability Groups – classifies vulnerabilities in Vulnerability Detection based on common frameworks and events, to make zeroing in on the correct exposures easier and provides a more acute way of prioritizing which vulnerabilities to prioritize remediation or outreach on. 29-JAN-2024 Knowledge Base: Leave comments at the bottom of an article to provide feedback on our knowledge base content. Get a count of matches (grouped by category) when doing a text search. Small changes to the visual design. 18-JAN-2024 Findings – Tag assets from the Findings Table. 16-JAN-2024 Financial Quantification – Major update adds frequency, annualized risk, and peer comparison capabilities. 09-JAN-2024 Risk Analytics: Risk Vectors Overview – Get a breakdown of the 13 risk vectors with cybersecurity incident data from the Marsh McLennan study. 06-DEC-2023 Benchmark Groups – Group companies for benchmarking. They have the same metrics and are interchangeable with peer groups. Risk Analytics – Filter by tiers or folders. 05-DEC-2023 Web Application Security Risk Vector – TLS Errors on Page Resource Fetch assessment deprecated. 04-DEC-2023 Vendor Discovery – automatically surface your vendors in the Continuous Monitoring application. 28-NOV-2023 Risk Analytics – An industry-first portfolio view into third-party vendor risk. Contextualize and prioritize risk insights from a third-party ecosystem. 24-OCT-2023 Filter Sets – Bitsight filter sets. Bad and warn findings Findings that impact the grade New findings 17-OCT-2023 Findings – Download up to 100,000 rows of findings data. 13-OCT-2023 Assets – Directly tag individual assets from the Assets page. Findings – The Impacts Risk Vector Grade field indicates whether or not a finding currently impacts a risk vector grade. Filter findings that currently impact or no longer impact risk vector grades. 11-OCT-2023 Microsoft Azure Sentinel Integration – Bring Bitsight data and tools into existing security program workflows in Sentinel. 12-SEP-2023 Client/Vendor Access Program – Cyber Insurance clients can register for the Client/Vendor Program. 08-SEP-2023 Vendor Risk: Overview – Released. 30-Aug-2023 Vulnerability Catalog – No longer available. Users should now use the Vulnerability Catalog report. Infrastructure: Attribution & Assets – No longer available. All data is available on the Infrastructure page. Infrastructure – Released. Findings – Use rolled up ID as a finding identifier. 28-AUG-2023 Ratings Tree – Filtering within the SPM app. Exposed Credential Data – The Domains field no longer include expired domains. It includes only the currently active and owned domains. 24-AUG-2023 Risk Remediation Plan – Available for Patching Cadence. 11-AUG-2023 Add Assets – Available for Group Admins. 08-AUG-2023 Cloud Infrastructure for AWS – Navigation available in Attack Surface menu. 04-AUG-2023 Attack Surface Analytics – Exposure insights. 02-AUG-2023 Emerging Security Events – Card available in the Latest Updates panel in the My Company Dashboard. 27-JUL-2023 “TPRM” renamed to “Continuous Monitoring.” Design updates: App switcher moved to the top of the menu on the left. Expand/collapse the menu using the toggle on the bottom left. Related articles Bitsight Data Change Log Exposure Metrics – July 1, 2024 User Preferences: Email Preferences Cyber Insurance API Guide SAML Setup Feedback 0 comments Please sign in to leave a comment.