We regularly scan the Internet with the purpose of discovering outdated software as well as security vulnerabilities that could be used by real attackers. We use this information to improve BitSight’s Security Ratings service and better evaluate the security performance of an entity or a country.
We also understand the tremendous positive benefit of this information when made available to the right people. Therefore we freely share high impact vulnerability information with regional authorities that can coordinate an effective response, such as country-wide CSIRTs (Computer Security Incident Response Teams) and other authorities. We make some of this information available to entities that we scan upon request at no charge (see www.bitsight.com for details).