.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
NetWitness Service Level Objective (SLO) and Common Vulnerabilities and Exposures (CVE)
Tags: Documentation
The Service Level Objective for Common Vulnerabilities and Exposures (CVE) are listed in this section.
NetWitness shall use commercially reasonable efforts to roll out a fix within the period specified:
- Column 1: CVE Status
- Column 2: Duration
- Column 1: Critical
- Column 2: 30 days
- Column 1: Major
- Column 2: 60 days
- Column 1: Moderate
- Column 2: 120 days
- Column 1: Minor
- Column 2: 120 days
About CVE Score and NetWitness Score
You can learn how NetWitness Product Security Team uses a new internal vulnerability scoring method called NWSS (NetWitness Security Score). Using NWSS, the NetWitness Product Security team assesses the vulnerability's actual severity score defined within the scope of NetWitness.
NWSS is calculated based on the CVSS 3.1 scoring system. These details are being tracked in corporate defect tracking system (Jira).
Scoring is based on CVE score and NWSS (NetWitness Score):
- Score > = 9.0 = Critical
- Score > = 7.0 & < = 8.9 = Major
- Score > = 4.0 & < = 6.9 = Moderate
- Score < = 3.9 = Minor