Whisbi executes internal audits each six months generating a report that take into account the overall risk profile based on a Common Vulnerability Scoring System rating (CVSS – Common Vulnerability Scoring System SIG)
The below table provides the risk rating mapped to CVSS and our mitigation timescales objectives.
|Rating||CVSS score||Mitigation timescales|
|Critical||9.0 – 10.0||Mitigation schemes should be applied as soon as is operationally possible and take precedence over any scheduled changes|
|High||7.0 – 8.9||Mitigation schemes should be applied as soon as is operationally possible alongside any scheduled changes to be included in the next quarterly release|
|Medium||4.0 – 6.9||Fix in the next regular security release (bi-annual)|
|Low||0.0 – 3.9||Fix in service releases or new system designs|