Learn about the latest product updates improvements in the SecurityScorecard platform.
Some features mentioned in this article may only be available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
December
Japanese Language Support
We have significantly expanded Japanese language support across key areas of the SecurityScorecard platform. Full Japanese language support is now available for critical platform sections, including Risk Quantification, Communication, Automation, and Threat Intelligence.
MAX Executive and Board Dashboard
The new MAX Executive dashboard communicates the value of the service with an open text field for delivery teams to summarize key trends to executive stakeholders and 4 new widgets that report on risk reduction. The previously available dashboard is now the Operations dashboard.
Learn more about the MAX Executive and Board dashboard
Enhanced Export Options for Questionnaires
We've enhanced the ability to bulk export both full questionnaires and high level-statistics like completion percentage, recipient information, and due date. This enables you to track outgoing questionnaires on a macro level, as well as makes it easier to download questionnaire data for external analysis or archiving.
November
ChatSSC
ChatSSC is an agentic AI chatbot that you can use to answer critical questions about an organization's exposure to supply chain risks, potential breach impacts, and probable attack vectors, providing data for executive-level risk prioritization.
Breach Susceptibility Indicator
The Breach Susceptibility Indicator (BSI) is a new analytic that uses both an organization’s current and past cybersecurity posture combined with size and digital footprint to provide our most predictive breach measurement.
Learn more about the Breach Susceptibility Indicator
October
October 21 Scoring Recalibration
This scoring recalibration includes a decrease in the impact of 8 issue types and an increase in the impact of 2 issue types.
Learn more about this scoring recalibration
Add a Company Button improvement
Immediately enter company information by following a new call-to-action workflow prompt that appears after adding a company within All Companies.
Learn more about managing vendors using All Companies
August
European Union Vulnerability Database (EUVD) ID's added to CVEDetails
The European Union Vulnerability Database (EUVD) has been added as a new data source, allowing you to see EUVD IDs as alternative identifiers on relevant CVE pages.
Sunset of Legacy Features: Public Scorecards, SecurityScorecard Connect, and Chrome Extension
As of August 27, 2025, SecurityScorecard will remove some legacy features from the platform:
- Public Scorecards have been fully deprecated. Trust Centers now serve as the primary way to share Scorecards externally.
- SecurityScorecard Connect, a deprecated menu link pointing to an inactive community portal, has been removed from the navigation.
- The SecurityScorecard Chrome Extension has been delisted, score and grade information can be accessed directly through the platform.
These changes were made to reduce confusion, eliminate unused interfaces, and reinforce the use of supported tools going forward. No customer action is required unless you previously shared public scorecard URLs. In those cases, we recommend updating links to Trust Centers.
Learn more about the sunset of legacy features
July
Automatic Vendor Detection transformation to Supply Chain Detection
Automatic Vendor Detection has been updated to offer enhanced incident triage, clearer detection evidence, stronger relationship confidence, and improved 4th-party monitoring.
Learn more about Automatic Vendor Detection
Improved role-based access controls (RBAC) for Questionnaires
This enhancement gives you complete control over user access to questionnaires and their features using RBAC.
Learn more about RBAC for Questionnaires
New value metrics for MAX dashboard
4 new or updated widgets are now available on the MAX dashboard. The layout of the widgets can now be customized as well.
Learn more about the MAX dashboard
June
Show Compensating Controls Upfront
Acceptable compensating controls are listed upfront within the UI (“Resolve Issue Finding”) before a customer submits remediation beforehand.
Audit Log for Custom Scorecards
You can now review historical changes in your custom scorecard with an audit log which shows what exactly has changed, by whom and when.
Bulk Actions for Custom Scorecards
You can now use one-click bulk actions (assigning, adding to portfolio, deleting etc.) for managing custom scorecards at scale.
All Companies API
The All Companies API empowers customers to efficiently organize, track, and scale their management of monitored entities, leading to more efficient data handling and improved oversight of their security posture.
Learn more about All Companies API
Smart Answer AI
Improvements to Smart Answer AI for questionnaires include new onboarding and better source tracking, further enabling customers to answer up to 85% of their questions using AI.
Learn more about Smart Answer AI
SecurityScorecard for Vendor Risk Management V2.4 on ServiceNow Marketplace
Customers experience enterprise-grade performance, enhanced usability, and deeper intelligence integration to their third-party risk workflows, as well as support for both Classic UI and the “Next Experience” to ensure a seamless experience across all ServiceNow environments.
Learn more about SecurityScorecard for Vendor Risk Management V2.4
Future Signals
Future Signals such as exploitable products and CVEs, along with Exposure Indexes (Vulnerability, Critical Service, Social Engineering, Ransomware) are now viewable in the “Portfolios” section. These signals empower security teams to be proactive in managing future risk and prevent costly breaches.
Learn more about future signals
May
Daily scanning cadence
An organization’s digital footprint is now scanned on a daily basis. This enhancement is available for paying customers and the organizations they follow.
Learn more about daily scanning cadence
Customize Industry for Custom Scorecards
Customer admins can edit the Industry Name for each custom scorecard – so that the correct industry reflects while reporting on Custom Scorecards and can do industry comparison for their business units.
Learn more about customizing industry for Custom Scorecards
April
Rapid Issue Remediation for Custom Scorecard
Custom scorecard remediations will now update the custom scorecard score in less than 1 hour from approval.
Watch List Customers Upgraded to NEW! Unlimited | Partial Monitoring
Existing Watch List customers were upgraded to our new Unlimited | Partial Monitoring on April 15th. You do not need to take any action. Please contact your Customer Success Manager to learn more about this exciting upgrade and the duration of your organization’s access.
Learn more about managing your vendors using All Companies
Questionnaires Preferred Answers
You can now easily find inadequate responses to single-select and multi-select questions by marking responses as "Preferred" and filtering the results.
Learn more about sending questionnaires to vendors
New Questionnaire Sending Flow
The questionnaire sending workflow has been restructured. You can now easily recognize where your are in the process, what links to send to vendors, and how credits are used.
Learn more about sending questionnaires to vendors
Sunsetting Desktop Analytics
The Desktop Analytics capability has been sunset due to low usage and data availability.
March
New Actionable Notification Center
Notifications now include comprehensive information, allowing you to quickly assess the situation and take appropriate action, such as forwarding the alert to the relevant team member or resolving the issue directly.
Removing duplicate findings for the same CVE
A bug was showing duplicate findings with the same CVE and description in both Medium and High patching cadence categories, incorrectly impacting scores. This has been fixed.
Communicating compensating controls across all issues
SOC teams can now communicate compensating controls for every issue via the user interface. Before, only a limited amount of issues could be resolved by indicating the presence of compensating controls.
Enhanced visibility of global rules
The Rule Builder now features enhanced visibility. Each rule now displays key information including: a description, trigger type, manager, recipient, and an on/off toggle, allowing for quick adjustments. You can also search for and review the actions executed by the Rule Builder.
SecurityScorecard PaloAlto Cortex XSOAR v 1.0.12 Release Now Available
The new version of the PaloAlto Cortex XSOAR integration now provides issue-level findings details, giving SOC teams deeper context into security issues detected across their own organization and suppliers. With this enhancement, security analysts can access granular, actionable data directly in XSOAR, streamlining investigations and accelerating response times using XSOAR security playbooks.
Learn more about SecurityScorecard for Palo Alto Cortex
February
New Grip Security integration
The new integration with Grip Security enables security teams to monitor newly discovered or critical SaaS vendors in Grip for continuous assessment in SecurityScorecard, ensuring up-to-date and proactive risk management across SaaS suppliers.
Learn more about integrating with Grip Security
Exposing complete SSL Cert evidence
You can now obtain all the SSL Cert evidence that SecurityScorecard has used to discover and attribute IPs or subdomains. This data is available as a PEM file that can be downloaded from the attribution evidence section of the Digital Footprint.
Getting Started with Vendors experience
Two new sections have been added to the Getting Started Page:
- Work with other companies: A singular view to see your requests like receiving action plans and questionnaires
- Learn the basics: Understanding your score, reviewing your digital footprint, inviting team members
Measuring vendor responsiveness improvement
You can now track the average amount of time questionnaires spent in each stage of the questionnaire lifecycle. This data is displayed on the Status of questionnaires sent widget within the Vendor Engagement dashboard.
New communication tools: Contact Manager and Request Log
The Contact Manager is a centralized contact management solution that enables you to create, read, update, and delete contact information for both internal and external contacts. To access navigate to Communication > Contact Manager.
The Requests Log provides you with comprehensive invitation management so you have visibility and traceability into vendor or client communication through SecurityScorecard. To access, navigate to Communication > Requests Log.
One-click flow for subdomain refute
When you click on a subdomain, you now receive instant information about how it was attributed to the attack surface as well as how to manage it.
Learn more about adding and removing subdomains
Sunsetting Scoring 2.0 for API users
Support for Scoring 2.0 data via the Platform API and Bulk Data API is sunsetting on February 6, 2025. After this date, Scoring 2.0 data will no longer be available via the Platform API or Bulk Data API.
Learn more about these updates to the Bulk Data and Platform API
SecurityScorecard ServiceNow ITSM v 3.1.1 is Now Available
The new version of the ServiceNow ITSM integration includes:
- Support for ServiceNow Xanadu release
- Description Risk and Recommendations format now reads as standard text. This text was previously in JSON format and more difficult to read.
Learn more about SecurityScorecard for ServiceNow IT Service Management
SecurityScorecard PaloAlto Cortex XSOAR v 1.0.10 Release Now Available
The new version of the PaloAlto Cortex XSOAR integration addresses issues noted in commands used by security teams to create security automation from SecurityScorecard risk intelligence. This release has refactored the following commands to work with our current alert generation system:
- Securityscorecard-alert-grade-change-create
- Securityscorecard-alert-score-threshold-create
- Securityscorecard-alert-delete
- Securityscorecard-alerts-list
Learn more about SecurityScorecard for Palo Alto Cortex
January
SSL cipher update
The cipher suite supported by platform.securityscorecard.io was updated from TLSv1.2_2018 to TLSv1.2_2021. In order to continue using the SecurityScorecard platform, you must use an up-to-date browser that supports the secure ciphers from the TLSv1.2_2021 suite.
Learn more about this cipher update
In-platform Incident Likelihood Assessments and Remediation Plans for MAX
Incident likelihood reports and remediation plans are now created and consumed within the platform and the appropriate findings data is kept up to date.
Learn more about the MAX dashboard
Comment on issues for your subsidiaries
Admins from parent organizations can now comment on issue findings and make it visible for their subsidiary organizations. An updated hierarchy is a pre-requisite for this.
Learn more about updating your hierarchies
Slack private channel support
You can now configure the Slack integration to send sensitive alerts to private channels.