Qualys Enterprise TruRisk Platform (VMDR) v2.4

Limited Customer Release Notes

Version 2.4

May 31, 2025 

TruRisk Scoring Enhancement

This Limited Customer Release (LCR) enhances the TruRisk Score configuration by excluding potential and non-running kernel vulnerabilities from your risk scoring. This update improves the precision of your TruRisk metrics without altering the core algorithm.

This update:

• Focus exclusively on confirmed, active vulnerabilities to better reflect your actual operational exposure.
• Eliminate low-impact and theoretical vulnerabilities that clutter your risk view.
• Avoid unnecessary remediation by excluding non-actionable vulnerabilities from scoring.
• Enable teams to prioritize threats that truly matter, enhancing overall risk management.

Key Changes

Exclusion of Potential Vulnerabilities

The TruRisk score will no longer include potential QIDs in the Average Score and Count metrics.

Exclusion of Non-Running Kernel Vulnerabilities

The TruRisk score will now exclude vulnerabilities associated with non-running kernels from its calculation.

How It Works

To see these changes in action, follow these steps:

1. Contact your Technical Account Manager (TAM) to enable this feature.
2. Once the feature is enabled, run a new vulnerability scan to apply the changes.
   This scan updates your asset data and prompts TruRisk to recalculate scores using the updated logic. After the scan completes, TruRisk automatically excludes potential and non-running kernel vulnerabilities from risk scoring, ensuring your metrics reflect only confirmed and relevant threats.

The core TruRisk algorithm remains the same, but the Average Score and Count metrics will be adjusted to ensure they more accurately reflect actionable risk.