This article answers common questions about lifetime period logic and handling offline assets. It also explains how some risk vectors function differently.
We attempt to provide a complete picture of the cybersecurity risk posture of a company over time. Without a lifetime, ratings would change drastically on a daily basis.
Lifetimes ensure that findings—both positive and negative—continue to impact your rating. Companies that monitor you are able to assess whether your security posture is proactive or reactive based on the presence of recurring findings.
For more details, see "Why do findings have a decay and lifetime period?"
Although risk vectors like Patching Cadence and Compromised Systems have long lifetimes (90 days and 180 days, respectively), the impact of the findings is not the same over that period of decay.
Linear decay refers to this reduction in the overall weight of a finding over time. After the “Last Seen” date, the finding’s weight slowly reduces on a daily basis until it reaches 0 on the last day of its lifetime. This means that there wouldn’t be a single major point recovery on the last day, but instead a gradual improvement over time.
Conversely, in other risk vectors findings fully impact your rating until they are dropped at the end of the lifetime. These lifetimes with full impact do not decay and will result in a single recovery once they drop.
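The two behaviors described above can be compared in a short model. This is an added example, not Bitsight's code: the straight-line formula is an assumption based on the description of linear decay, and `example-full-impact-vector` with its 60-day lifetime is a hypothetical stand-in for a risk vector whose findings do not decay.

```python
from datetime import date, timedelta

# Lifetimes in days. The first two come from the article; the third is a
# constructed placeholder for a risk vector whose findings do not decay.
LIFETIME_DAYS = {
    "Patching Cadence": 90,
    "Compromised Systems": 180,
    "example-full-impact-vector": 60,  # hypothetical name and value
}
LINEAR_DECAY = {"Patching Cadence", "Compromised Systems"}


def finding_weight(risk_vector: str, last_seen: date, on: date) -> float:
    """Relative weight (1.0 = full impact) of a finding on a given day."""
    lifetime = LIFETIME_DAYS[risk_vector]
    age = (on - last_seen).days
    if age < 0:
        raise ValueError("evaluation date precedes the Last Seen date")
    if age >= lifetime:
        return 0.0  # lifetime is over: the finding has dropped
    if risk_vector in LINEAR_DECAY:
        return 1.0 - age / lifetime  # assumed straight-line daily reduction
    return 1.0  # full impact until the finding drops


def largest_daily_drop(risk_vector: str, last_seen: date) -> float:
    """Biggest one-day fall in weight across the whole lifetime."""
    lifetime = LIFETIME_DAYS[risk_vector]
    weights = [
        finding_weight(risk_vector, last_seen, last_seen + timedelta(days=d))
        for d in range(lifetime + 1)
    ]
    return max(a - b for a, b in zip(weights, weights[1:]))


if __name__ == "__main__":
    seen = date(2024, 1, 1)  # constructed "Last Seen" date
    for rv in LIFETIME_DAYS:
        mid = seen + timedelta(days=LIFETIME_DAYS[rv] // 2)
        print(f"{rv}: weight at mid-lifetime {finding_weight(rv, seen, mid):.2f}, "
              f"largest one-day drop {largest_daily_drop(rv, seen):.3f}")
```

A decaying finding never loses more than 1/lifetime of its weight in a day, while the non-decaying one loses all of it on the day it drops, which is the single recovery the article describes.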
Regardless of the risk vector, if an asset is offline, Bitsight is not able to scan it successfully and create a replacement for the old observation. In those circumstances, the finding will always have to undergo its lifetime period.
Exceptions: TLS/SSL Configurations, Web Application Security, TLS/SSL Certificates