We’ve developed a Multi-Framework Security Questionnaire that comprehensively maps to both ISO 27001:2022 and NIST CSF 2.0, and it is now available to all customers in the questionnaire library. This dual-standard approach offers a holistic view of a third party’s security posture, ensures robust incident response and recovery plans, and demonstrates a commitment to high security standards. We're excited to roll out even more questionnaires covering global and local regulations in coming releases.
Detection of regreSSHion (CVE-2024-6387)
CVE-2024-6387 is a high-severity vulnerability in OpenSSH servers that, if exploited, facilitates Remote Code Execution with full root privileges (CVSS 8.1). This will raise a verified vulnerability and the high severity risk “Vulnerable to CVE-2024-6387 (OpenSSH regreSSHion Remote Code Execution)“.
Detection for polyfill.io inclusions
Recently the polyfill.io domain has taken new ownership. This has presented a new supply chain risk because they host the CDN for the polyfill JavaScript package. This will raise a new informational risk called "Polyfill.io or Polyfill.com Discovered"
Summary page added for Subsidiaries
For Breach Risk plans that include subsidiaries, we’ve added a Subsidiary Summary page to allow you to view the security posture of your subsidiaries in more detail, including category breakdowns and geolocation details. To learn more see What is the subsidiary summary page.
Other improvements
- This release includes a number of bug fixes