- January 25, 2023: Reason for the Patching Cadence risk vector’s lifetime.
- January 14, 2021: Published.
Every finding has a lifetime that indicates how long it impacts the risk vector grade, depending on the particular risk vector. This is defined by the number of days a finding will impact the risk vector grade.
Remaining Lifetime shows the projected number of days that a finding will continue to impact risk vector grading. This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated.
Previously captured findings continue to impact ratings until the finding completes its lifetime (depending on the specific risk vector). It will continue to be listed in the company report, along with the active findings.
The headline security rating will reach a perfect value if all vulnerabilities are fixed and all findings (associated with vulnerabilities) have completed their lifetime.
Frequently Asked Questions
Why do findings with a GOOD grade have a remaining lifetime?
All findings that impact a risk vector grade have a lifetime, including positive (GOOD) and neutral grades. The lifetime simply indicates how long any impact will last.
Why would a GOOD finding stop impacting ratings?
While the remaining lifetime is likely to be more useful when working on remediating findings, this is still a function of how risk vectors – and ultimately rating – are graded.
Why do findings of risk vectors that are in beta have a remaining lifetime?
Because the lifetime of a finding is the number of days the finding will impact the risk vector grade and is not directly impacting the rating, beta risk vectors have a lifetime.
Beta risk vectors function exactly like regular risk vectors, which evaluates the underlying data and is given an overall assessment. However, the data is undergoing testing. Any grade does not ultimately impact the rating during the beta period.