Inherit Vulnerability Status


  • Community Moderator

    By default the entries in the list of applications are collapsed.
    So users can not see the security status of bundled applications.
    This can be dangerous if a bundled app has vulnerabilities.

    The security status of Microsoft Office 2016 is OK.

    Inherit_Vulnerability_Information_01.png

    Then I expanded Microsoft Office 2016 to check if all bundled programs are listed.
    Here I saw that two bundled applications have known vulnerabilities.

    Inherit_Vulnerability_Information_02.png

    This information is not shown by default (when the entry is collapsed).
    So you should inherit the vulnerability status from the bundled applications to the parent (main) application.
    Means: if one of the bundled apps is insecure then the main app should also be insecure.

    This way users see at once that the whole package (application and all bundled applications) is insecure.