
Capability
Critical Vulnerability Triage

Critical vulnerability exposures to fast-moving threats across the third-party portfolio are immediately known and mitigated.

What

Exposure to critical vulnerabilities in third-party systems is rapidly pinpointed and triaged.

Why

Rapid triage of third-party exposure to critical vulnerabilities reduces the likelihood of harm.

How

This capability is facilitated through implementation of the continuous surface risk assessment capability.

Maintain current knowledge of the software operating on third-party systems. When a critical vulnerability emerges, query the third-party software inventory for systems running the vulnerable software. Prioritize triage efforts towards third parties known to be exposed to the critical vulnerability.
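
One way to run the inventory query and prioritization described above, as an added example that is not part of the original playbook. The inventory layout, product names, version ranges and the criticality score are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory rows: (third party, host, product, version, criticality 1-3).
# The criticality score is an assumption; the playbook does not define one.
INVENTORY = [
    ("acme-payroll", "vpn.acme.example", "examplevpn", "9.1.3", 3),
    ("acme-payroll", "vpn2.acme.example", "examplevpn", "9.1.5", 3),
    ("globex-logistics", "gw.globex.example", "examplevpn", "10.0.1", 2),
    ("globex-logistics", "gw2.globex.example", "examplevpn", "9.0.7", 2),
    ("initech-hr", "remote.initech.example", "examplevpn", "unknown", 3),
    ("umbrella-print", "www.umbrella.example", "examplecms", "4.2.0", 1),
]
# Hypothetical advisory: vulnerable ranges are [introduced, fixed).
ADVISORY = {"product": "examplevpn",
            "ranges": [("9.0.0", "9.1.5"), ("10.0.0", "10.0.2")]}

def parse_version(text):
    """'9.1.3' -> (9, 1, 3); None when the version was not fingerprinted."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def exposure(version, ranges):
    """Classify one observed version as exposed, not_exposed or unknown."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    hit = any(parse_version(lo) <= parsed < parse_version(hi) for lo, hi in ranges)
    return "exposed" if hit else "not_exposed"

def triage(inventory, advisory):
    """Rank third parties: confirmed exposure first, then unknown versions."""
    parties = defaultdict(lambda: {"exposed": [], "unknown": [], "criticality": 0})
    for party, host, product, version, criticality in inventory:
        status = exposure(version, advisory["ranges"])
        if product != advisory["product"] or status == "not_exposed":
            continue
        parties[party][status].append(host)
        parties[party]["criticality"] = max(parties[party]["criticality"], criticality)
    def rank(item):
        name, entry = item
        return (not entry["exposed"], -entry["criticality"], -len(entry["exposed"]), name)
    return sorted(parties.items(), key=rank)

if __name__ == "__main__":
    for name, entry in triage(INVENTORY, ADVISORY):
        print(name, entry)
```

Third parties whose version could not be determined are kept in the queue behind confirmed exposures rather than dropped, so they can be surveyed directly.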

Practice | Status | Adoption
Provide third parties risk advisories regarding critical vulnerabilities. | Emerging | 40%
Survey vendors to understand their exposure to critical vulnerabilities and understand their related mitigation action plans. | Emerging | 36%
Maintain awareness of the software operating in the surface systems of third parties through the continuous surface security assessment capability. | Emerging | 27%
Prioritize triage efforts towards third parties known to be exposed to the critical vulnerability. | Pioneering | 17%
Share system vulnerability data with your third parties to assist them in remediation. | Pioneering | 10%
Monitor third-party remediation of critical vulnerabilities through the continuous surface security assessment capability. | Pioneering | 17%