We have released a new version of the Patching Cadence risk vector and renamed it Critical Vulnerabilities Management. This new version enhances how we calculate grades to provide a more accurate and actionable reflection of an organization's patching performance, focusing on absolute risk.
Key Changes:
- Increased CVSS Impact: The vulnerability's CVSS score is now the most impactful factor in grade calculation. High-severity scores will have the biggest influence.
- Duration Still Matters: While the impact of a vulnerability's duration is lower, unpatched issues existing for extended periods will still significantly lower the score.
- Logarithmic Scaling: Our new model uses a logarithmic scale to ensure that high-severity, long-running vulnerabilities have a significant, yet fair, impact on the rating.
What This Means For You:
- Absolute Risk Measurement: A high score indicates excellent patching performance, especially for critical issues. A low score means severe, long-standing vulnerabilities require urgent attention.
- Actionable Guidance: Quickly identify and prioritize efforts on critical vulnerabilities to improve your score.
- Fairer Comparisons: The score reflects absolute risk reduction, allowing for fairer comparisons and driving better security outcomes by encouraging the rapid remediation of the most impactful vulnerabilities.
Learn more about this update here.