Shellshock Part II: Are Your Third Parties or Vendors Vulnerable?

Last week we wrote about how to assess your risk and reduce your exposure when it comes to Shellshock.  While all other products and vendors are helping customers discover Shellshock within their own environment, we uniquely help customers understand whether the vulnerability exists within their supply chain.  Supply chain oversight is so fundamental that the Federal Financial Institutions Examination Council has already issued a warning to banks regarding their third party service providers, urging them to assess risk and “execute mitigation activities with appropriate urgency.”

To that end we have just added functionality to our products that can test for the presence of Shellshock vulnerability within the primary domain of a portfolio company.  Customers will be able to run a test on a vendor and get results back as to whether they have the vulnerability, as shown in the screen shot below.  If vulnerable, they can follow up with the vendor to ask them to take action to patch their systems.

This functionality further enhances the value of Security Ratings for customers who use BitSight to mitigate third party and vendor risk.  Benchmarking customers who may not have other tools on hand to test for Shellshock can also leverage this capability.

A preview of the Bash Shellshock Vulnerability panel in the customer portal: