Shellshock Part II: Are Your Third Parties or Vendors Vulnerable?
Debbie Umbach | October 2, 2014
Last week we wrote about how to assess your risk and reduce your exposure when it comes to Shellshock. While all other products and vendors are helping customers discover Shellshock within their own environment, we uniquely help customers understand whether the vulnerability exists within their supply chain. Supply chain oversight is so fundamental that the Federal Financial Institutions Examination Council has already issued a warning to banks regarding their third party service providers, urging them to assess risk and “execute mitigation activities with appropriate urgency.”
To that end we have just added functionality to our products that can test for the presence of Shellshock vulnerability within the primary domain of a portfolio company. Customers will be able to run a test on a vendor and get results back as to whether they have the vulnerability, as shown in the screen shot below. If vulnerable, they can follow up with the vendor to ask them to take action to patch their systems.
This functionality further enhances the value of Security Ratings for customers who use BitSight to mitigate third party and vendor risk. Benchmarking customers who may not have other tools on hand to test for Shellshock can also leverage this capability.
A preview of the Bash Shellshock Vulnerability panel in the customer portal:
On March 4th, BitSight released
Peer Analytics, the newest advanced analytics module from the leader in security ratings. This allows organizations to better understand and
manage their security performance in relation to their industry...
Just like in previous years, BitSight will be at RSA Conference 2019 — and we’re looking forward to seeing everyone there. Join us from March 4-8 in the Moscone Center’s South Hall at Booth #3434 in San Francisco, CA — we will be demoing...