Shellshock Part II: Are Your Third Parties or Vendors Vulnerable?

Debbie Umbach | October 2, 2014

Last week we wrote about how to assess your risk and reduce your exposure when it comes to Shellshock. While all other products and vendors are helping customers discover Shellshock within their own environment, we uniquely help customers understand whether the vulnerability exists within their supply chain. Supply chain oversight is so fundamental that the Federal Financial Institutions Examination Council has already issued a warning to banks regarding their third-party service providers, urging them to assess risk and “execute mitigation activities with appropriate urgency.”

To that end, we have just added functionality to our products that can test for the presence of the Shellshock vulnerability within the primary domain of a portfolio company. Customers will be able to run a test on a vendor and get results back as to whether the vendor has the vulnerability, as shown in the screenshot below. If the vendor is vulnerable, customers can follow up and ask the vendor to patch its systems.

This functionality further enhances the value of Security Ratings for customers who use BitSight to mitigate third-party and vendor risk. Benchmarking customers who may not have other tools on hand to test for Shellshock can also leverage this capability.

A preview of the Bash Shellshock Vulnerability panel in the customer portal:


