Question
I had a misattributed asset (e.g., example.com) on my Scorecard and requested its removal. SecurityScorecard has reviewed and approved the removal. However, I noticed that findings related to this domain were still present. I submitted a remediation request to remove these findings, but SecurityScorecard declined with the message: "Remains on Scorecard."
How can I remove these findings now that the asset has been removed?
Answer
Removing a domain/IP and removing issue findings are separate processes. When a domain/IP is removed from the Digital Footprint, SecurityScorecard evaluates only whether it was misattributed, not whether any related findings are still valid.
In the above scenario, findings for example.com remain because the underlying issues (e.g., a missing SPF record) still exist. These findings are considered valid as long as they can still be observed.
However, once example.com fully drops from your Digital Footprint, any associated findings will automatically decay and be removed from your Scorecard. Submitting a remediation request for these issue findings is therefore not necessary.