Support for subsidiaries in your vendor's Risk Profile

We've added support for viewing a vendor and its subsidiaries in its Risk Profile.

This view lets you see all the risks present across the vendor and its subsidiaries. Each of the identified risks has a severity, name, risk type, category, and a number of organizations impacted. By default, findings are sorted by severity, with critical severity items at the top.

You can drill down into each identified risk to see the impacted organizations and their associated domains. However, you will need to be monitoring the subsidiary as a vendor to request remediation or to waive the risk. You can do this by clicking Monitor vendor.

Additional SSL-based checks

We've added support for three new SSL-based checks:

1. Untrusted SSL certificate (informational severity): The certificate presented by this domain was not issued by a trusted certificate authority and therefore cannot be verified by browsers.
2. SSL certificate chain missing from server response (medium severity): There is an invalid or missing intermediate certificate. This can cause some browsers to break the padlock. An intermediate/chain certificate may need to be installed to link it to a trusted root certificate.
3. SSL expiration period longer than 398 days (medium severity): Certificates issued on or after September 1, 2020 must not have a validity period greater than 398 days. The certificate will need to be reissued with a maximum validity of 397 days.

Other fixes and improvements

• Creating vendors with no web presence is now available for all customers with vendors
• Added notification for news articles in Incidents & News
• Increased upload limit from 10MB to 50MB
• Added highlight for news articles tagged as Advisory in Incidents & News
• Improved handling of WAFs and CAPTCHA for our automated scanning engine
• Fixed issue causing inactive subdomains to not be scanned in some situations