We add vulnerabilities to the Bitsight platform regularly. In general, we can only track vulnerabilities that are externally detectable and fit within the scope of what we're able to discover.
Some vulnerabilities can't be tracked because they either require an additional level of access to the target systems or because we would need to actually exploit a system to accurately detect their presence.
Additionally, we prioritize vulnerabilities to be researched based on the number of companies potentially affected, the severity of the vulnerability, and whether they are being used by attackers in the wild to compromise systems.
If a vulnerability is not currently available to track in the Bitsight Platform, you can submit a request to have it added via Support. From there, our Vulnerability Team researches, reviews, and determines whether we can track the vulnerability with confidence. This process takes anywhere from a few days to a few weeks and is not always successful. If we run into a roadblock that would prevent us from obtaining high confidence information on the vulnerability, then it is not added to the catalog.
Request Instructions
To request a new vulnerability, contact Bitsight Support and provide the Common Vulnerabilities and Exposures ID (CVE ID). A member of the Support team will follow up with you and the request will be escalated to our Vulnerability Team.
Your Customer Success Manager or Account Manager can check on the status of your request using the CVE ID.
- August 24, 2023: Linked to vulnerability & severity definitions.
- October 25, 2021: Published.
Feedback
0 comments
Please sign in to leave a comment.