Risk Category: Compromised Systems
- Compromised Systems Risk Category
- Compromised System Destination IP Disclosure Policy
- Botnet Infections Risk Vector
- Spam Propagation Risk Vector
- Malware Servers Risk Vector
- Unsolicited Communications Risk Vector
Risk Category: Diligence
- Diligence Risk Category
- SPF Domains Risk Vector
- DKIM Records Risk Vector
- TLS/SSL Certificates Risk Vector
- TLS/SSL Configurations Risk Vector
- Open Ports Risk Vector
Risk Category: User Behavior
Risk Category: Public Disclosures
Assets
Vendor Risk Management & Trust Management Hub Data
- Artifacts
- Assessment Life Cycle Stages
- Data Residency
- Finding Criticality
- Instant Insights Data and Technologies
- Trust Management Hub Document Types
Collaboration & Connections
Control Insights Data
Delegated Security Controls
Infrastructure Data
Glossaries
- Diffie-Hellman Primes and Keys
- Forms of Attacks
- Glossary of Terms
- Glossary of Terms - File Sharing
- Glossary of Terms - Public Disclosures
- Glossary of Terms - Server Software
Network Map & Company Information
- Bitsight Inventory Status
- Company ID
- Company Mapping Scenarios
- Company Metadata
- Company Relationships
- Company Request Statuses
Findings
- What is a Finding?
- Finding Behavior
- Findings Search Fields
- Impacts Risk Vector Grade
- Compromised System Findings
- Botnet Infection Findings
Finding Messages
- SPF Domains Finding Messages
- DKIM Records Finding Messages
- TLS/SSL Certificates Finding Messages
- TLS/SSL Configurations Finding Messages
- Open Port Finding Messages
- Web Application Header Finding Messages
Findings: Troubleshooting
- Do Parked Domains Generate DMARC Findings?
- How to Access OCR/HHS Breach Reports
- Lifetime and Offline Assets: Frequently Asked Questions
- Troubleshooting Insecure Systems Service: NetBios
- Why Do I Have a Bad DMARC Finding?
- Why Is My DKIM Grade a C When I Have No Findings?
Classification Methods
- Risk Categories: Overview
- Finding Severity
- Vulnerability Classification
- Exposure Detection & Evidence Certainty
- Botnet Infections Finding Considerations
- Spam Propagation Finding Considerations
Findings Data Collection Methods
- Crawlers
- Requesting a New Vulnerability
- Compromised Systems Events Proven to be Originating from Testing Environments
- Threat Research Process
- Reporting a Public Disclosures Event
- Data Collection Methods Overview
Rating Designations
Service Provider Details
Standards & Authorities
- Accepted Accounting Standards
- Certificate Authorities
- Cookie Assessment Exclusion
- Regional Internet Registries (RIR WHOIS)
- Supported Operating Systems
- Supported Server Software
Vulnerabilities & Infections
- Apache ActiveMQ Remote Code Execution [CVE-2023-46604]
- ArcaneDoor Vulnerabilities [CVE-2024-20353, CVE-2024-20359]
- Atlassian Confluence Data Center and Server Template Injection [CVE-2023-22527]
- Atlassian Confluence Data Center and Server [CVE-2023-22515]
- Barracuda Email Security Gateway [CVE-2023-2868]
- Cisco Adaptive Security Appliance (ASA) Software Brute Force [CVE-2023-20269]