Metrics for Vulnerability Response

D_SantiagoHQY
Tera Contributor

I'd like to be able to deep dive into how long a vulnerable item has been in an open state before being closed. Vulnerable items from Tenable tend to reopen (along with another manually created integration we have), so I can't always go off the first found to last found, or last opened to close date. 

So what I'm asking is how would I set up a metric to calculate the time between open and close so that in the example below, I would see that the vulnerability was open for a total of 92 days and an average of 30.67 days before remediation. Conversely, has anyone done this where it's calculated on the First Seen and Last Seen from the detection (so that we aren't waiting out the "Stale" period)?

| Open | Close | Total Open | Average | Total |
|---|---|---|---|---|
| 8/15/2025 | 10/21/2025 | 67 | | |
| 10/29/2025 | 11/15/2025 | 17 | 30.67 | 92 |
| 12/1/2025 | 12/9/2025 | 8 | | |

 


Matthew_13
Mega Sage

A reliable approach is to measure each Open → Closed cycle separately, rather than relying on the first open date and final close date. That way, reopenings are handled cleanly and your numbers stay accurate.

The First Seen / Last Seen dates are still useful, but they’re better suited for exposure analysis rather than remediation time.

Overall, state-based metrics are the most accurate and maintainable way to track how long vulnerabilities remain open when reopenings are possible.

 

@D_SantiagoHQY Mark Solution Accepted and Thumbs Up if you find Helpful!!
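
The per-cycle calculation described in the reply above, as an added example that is not part of the original thread and is not ServiceNow's own code. It is plain JavaScript run over a constructed state-change history for one vulnerable item; the `{ state, at }` input shape and the function names are assumptions for illustration.

```javascript
// Added example: pair each Open -> Closed transition into its own cycle.
// Input shape ({ state, at }) and function names are assumptions for illustration.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse M/D/YYYY as a UTC date so DST shifts never skew day counts.
function parseDate(s) {
  const [m, d, y] = s.split('/').map(Number);
  return Date.UTC(y, m - 1, d);
}

// history: state-change events for ONE vulnerable item, in any order.
// asOf: optional date used to count a cycle that is still open.
function openCycles(history, asOf) {
  const events = history
    .map(e => ({ state: e.state, at: parseDate(e.at) }))
    .sort((a, b) => a.at - b.at);
  const cycles = [];
  let openedAt = null;
  for (const e of events) {
    if (e.state === 'Open' && openedAt === null) {
      openedAt = e.at;                       // start of a new cycle
    } else if (e.state === 'Closed' && openedAt !== null) {
      cycles.push({ days: Math.round((e.at - openedAt) / DAY_MS), closed: true });
      openedAt = null;                       // wait for a reopen
    }
    // A repeated Open while open, or Closed while closed, is ignored.
  }
  if (openedAt !== null && asOf) {
    cycles.push({ days: Math.round((parseDate(asOf) - openedAt) / DAY_MS), closed: false });
  }
  return cycles;
}

// Total and average count only completed (remediated) cycles.
function summarize(cycles) {
  const done = cycles.filter(c => c.closed);
  const total = done.reduce((sum, c) => sum + c.days, 0);
  const average = done.length ? Number((total / done.length).toFixed(2)) : 0;
  return { perCycle: done.map(c => c.days), total, average };
}

// Constructed sample: the three cycles from the question, deliberately unsorted.
const sampleHistory = [
  { state: 'Closed', at: '10/21/2025' }, { state: 'Open', at: '8/15/2025' },
  { state: 'Open', at: '10/29/2025' },   { state: 'Closed', at: '11/15/2025' },
  { state: 'Open', at: '12/1/2025' },    { state: 'Closed', at: '12/9/2025' },
];
console.log(summarize(openCycles(sampleHistory)));
```

Passing an `asOf` date to `openCycles` reports a cycle that has not closed yet, flagged `closed: false`, so it can be shown as current exposure without distorting the remediation average.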