Patched software overview

The new vulnerabilities progress chart from last week is extended with a table showing which vulnerabilities from the previous week are no longer seen. If a vulnerability is no longer seen, it can be because it is patched, or because the website could not be scanned.

If a vulnerability is patched, you will see the new version number detected, or just the name of the software in cases where the version could not be determined. If the website could not be scanned because it was not up, or returned an error, the table shows "not seen". You can investigate the details yourself by clicking on the url.

The urls you see are specific for an ip address, since a website can be hosted on multiple servers. There are cases where your website runs in the cloud and appears on always changing ip addresses. In that case, the new cloud websites are compared against the old, and the comparison based on a specific ip address is not done.

There are probably some more edge cases that can result in weird results. If you find one, please report it :-)

Vulnerabilities progress chart

The main thing of the current update is the stacked bar chart showing the number of vulnerabilities over time. They are stacked by severity (CRITICAL, HIGH, etc.) and you can see the last 4 weeks and two months ago. You'll want to see the height of the bar going down of course, that would indicate a shrinking attack surface.

If you want to see which specific vulnerabilities you need to patch first to reduce you attack surface the most, have a look at the My vulnerabilities overview. The ones at the top are causing the biggest risks.

New: Shared hosting report

There is a new report available in the report library that shows third party websites running on shared hosting where your websites are hosted too. These third party websites could be a security risk or damage your brand reputation, so you should have a look at them regularly.
You can also look up the shared hosting for your organization directly with this magic query:

$shared_hosting_report last_seen>-7d

If you find trouble, contact the hosting company and ask them to organize the shared hosting in such a way that the offending website is not sharing a host with your website anymore. Another option of course is using dedicated hosting.

Also, completely unrelated to shared hosting, with this weeks update everyone running a group account can now manage all users from the subaccounts in the groupaccount too.