Vendor Scorecards & Other Terms

Vendor Scorecards

Percentage of a vendor's CVEs that have available patches.

Average number of days between CVE publication and patch availability.

Letter grade (A-F) based on patch rate, response time, and critical gap count. Higher grades indicate better security responsiveness.

Number of days since a CVE was published without a patch being available.

The specific software version that contains the patch for a vulnerability.

Range of software versions vulnerable to the CVE (e.g., "< 2.17.0" or "1.0.0 - 1.5.3").