Findings are the foundation of how Titan Secure detects, organizes, and communicates security risks. This article presents the core concepts and shows how findings are presented differently to Vendor Risk Management (VRM) teams and Vendors, depending on their goals.
What are Findings?
Findings are detected security weaknesses or vulnerabilities.
- For Vendor Risk Management (VRM) teams: Findings reflect risks across your vendor ecosystem.
- For Vendors: Findings reflect risks found on your own public-facing assets.
Titan Secure continuously scans and monitors all assets using SecurityScorecard's proprietary scanning technology.
Key terminology
We use Findings and Finding Groups to provide a clear, organized structure for managing security risks across your digital footprint.
Findings Group
A collection of individual findings that share the same root cause or finding name (for example, all instances of CVE-2016-xxxx). This allows for collective management and is the default view.
Finding
A single instance of a security finding tied to a specific asset (for example, SSL/TLS Service Supports Weak Protocol).
How findings appear to different users
While the underlying data is the same, the display and prioritization of findings are tailored to the unique goals of each user role.
For VRMs: Supply Chain Findings
The Supply Chain Findings view provides a high-level assessment of risks across every monitored vendor and supports early risk detection, prioritization, and more efficient coordination with vendors.
You can use this view to:
- Quickly assess the most critical risks affecting your supply chain by sorting by Threat level.
- Understand which finding types (for example, vulnerabilities or misconfigurations) appear most frequently.
- Click into any Findings Group to see detailed asset-level impact.
- Filter by company, last seen, or portfolio to focus on the vendors that matter most.
For Vendors: My Findings (Remediation Focus)
The My Findings view shows all detected findings on your own public-facing assets and helps you prioritize remediation work.
You can use this view to:
- Track all findings affecting your organization.
- Prioritize based on Requestor so that the most frequently requested issues surface first.
- Filter by Status to see what’s Open, Pending, or Resolved.
- Focus on improving customer trust by addressing high-impact issues first.
How to navigate findings
Titan Secure is designed to take you from a high-level group to a granular asset detail in three steps.
Step 1: Start at the Findings Group level
This is the main list shown to both VRMs and Vendors.
Each row represents one Finding Group.
A Group contains multiple findings that share the same name (e.g., a CVE or a misconfiguration type).
Step 2: Open a Findings Group
Clicking into a group shows you a list of individual Findings, each representing a single detected instance of the issue. A Group may contain many findings if the same issue appears across multiple assets.
This is where you can perform actions on your findings, such as flagging a finding or requesting remediation.
Step 3: Select a finding to view details
Selecting an individual row, like dummysite.com, opens the Findings Detail Panel.
This panel contains the:
- Overview tab: Displays an overview of the finding, along with key fields, a description, and, if available, a recommendation for remediation. You will also see additional data specific to the type of finding.
- Activity tab: Shows a detailed timeline of status changes, flagging, vendor responses, and VRM actions.
Finding types
Findings fall into high-level categories to help you quickly understand the nature and potential impact of the identified security issue.
| Type | Definition |
| --- | --- |
| Vulnerabilities | Known software weaknesses (such as CVEs) that could be exploited to gain unauthorized access or disrupt systems. |
| Application Misconfigurations | Errors or unsafe settings in web or cloud applications (e.g., exposed admin panels or missing authentication). |
| DNS Misconfigurations | Issues with a vendor’s DNS records that may expose services to hijacking or cause domain misdirection. |
| Information Leak | Accidental exposure of sensitive information such as credentials or internal data appearing on public sites or repositories. |
| Insecure Endpoints | Open ports or services on a vendor’s network that are accessible without proper encryption or authentication. |
| Out-of-Date Products | Software or platforms running outdated versions that lack the latest security patches. |
| Potential Compromise | Evidence suggesting a vendor system or domain may already be compromised. |
| Typosquatting | Registered domains that closely resemble a vendor’s legitimate domain, which can be used for phishing or impersonation attempts. |