Software exposure assessment using Software Asset Management (SAM Foundation)
Use the ServiceNow® Vulnerability Exposure Assessment application to determine your total installed software count for a specific software package on your assets. When used with the ServiceNow® Software Asset Management (SAM) Foundation application, evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover.
- When products do not yet have CVE data.
- When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD.
- When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner.
With the Vulnerability Exposure Assessment application, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by the SAM Foundation application, you can assess your exposure to potentially malicious software packages on-demand.
Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a remediation task (VUL) list to verify that the vulnerable items you want are created and associated correctly to the VUL.