This article describes the release timeframes for fixes to vulnerabilities discovered in the Adaptiva Platform.
We rate vulnerability severity using NVD's CVSS calculators and take an aggressive patching approach: all vulnerabilities classified as CVSSv3 Critical are addressed within 30 days of being reported.
Vulnerability Reporting
NVD Vulnerability Severity Ratings
NVD provides qualitative severity ratings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification.
NVD - Vulnerability Metrics (nist.gov)
CVSS v2.0 Severity | CVSS v2.0 Base Score Range | CVSS v3.0 Severity | CVSS v3.0 Base Score Range |
- | - | None | 0.0 |
Low | 0.0-3.9 | Low | 0.1-3.9 |
Medium | 4.0-6.9 | Medium | 4.0-6.9 |
High | 7.0-10.0 | High | 7.0-8.9 |
- | - | Critical | 9.0-10.0 |
Expectations based on CVSS rating
Severity | 1st Response | Follow Up | Expected Patch cycle |
CRITICAL Vulnerability reported. CVSS V3 9.0 - 10.0 | 1st response according to incident ticket SLA* | Treated with an Urgent SLA response | Create corrective action plan within two weeks. Remediate vulnerability within one month. |
HIGH Vulnerability reported. CVSS V3 7.0 - 8.9 | 1st response according to incident ticket SLA* | Treated with a High SLA Response | Create corrective action plan within one month. Remediate vulnerability within three months. |
Other Vulnerabilities | 1st response w/in SLA | No expected follow up | Can be resolved based on availability of staff resources |
* See Support Policy Below