Overview
At SecurityScorecard, we are committed to providing the most accurate and up-to-date view of your security posture. As part of a recent quality assurance audit, we identified a processing latency affecting a specific subset of our scanning data, which affected some Scorecards.
While this delay predominantly affected TLS Weak Protocol findings, it also impacted the timely reporting of a few other distinct issue types. To ensure your score reflects your true security posture without causing unmanageable volatility, we are rectifying this via a controlled, phased rollout of these findings.
What is Changing?
We have resolved the underlying processing delay. However, rather than introducing all pending findings at once—which could result in sudden, significant score drops—we are releasing the data in increments.
Starting January 28, 2026, we will reintroduce approximately 10% of the affected findings per business day over 10 business days.
Phased Rollout Schedule
This graduated approach is designed to provide security teams with better visibility and manageable remediation workflows.
Start Date: Wednesday, January 28, 2026
End Date: Tuesday, February 10, 2026
Method: Daily re-introduction of ~10% of pending findings.
Impact on Scorecards
During this period, customers may notice the following:
New Issue Appearances: You may see an increase in the count of findings under Issue Types. While these will largely be TLS Weak Protocol issues, you may also see increases in other issue categories.
Score Fluctuations: Depending on the volume of findings associated with your digital footprint, you may experience a gradual decrease in your score or your vendor’s scores.
Remediation: These findings are valid security risks based on our scanning criteria. As they appear, they can be remediated via the standard resolution workflow.
Why are we doing this?
Our priority is to balance data integrity with operational stability. By spreading the release of these findings over two weeks, we aim to:
Mitigate Volatility: Avoid "cliff-edge" score drops that create confusion for executive reporting.
Enable Workflow: Allow security teams to triage and remediate incoming findings in manageable batches rather than facing a backlog all at once.
Ensure Accuracy: Ensure your Scorecard accurately reflects the current state of your external attack surface.
Next Steps
No immediate action is required to enable this update. However, we recommend the following:
Monitor your Scorecard: Check your Issues tab daily starting Jan 28 to identify any newly populated findings.
Alert your Team: Inform your internal security operations team that they may see a steady influx of issues over the next two weeks.
Review Vendors: Be aware that your third-party vendors may also be subject to this update, which could influence their scores in your Portfolio.
Note: If you believe a specific finding is incorrect, please utilize the standard Remediate option within the platform. If you have urgent concerns about a significant impact on a score, please contact SecurityScorecard Support.