Qualys Enterprise TruRisk™ Platform (VMDR) v2.4

Limited Customer Release Notes

Version 2.4

May 31, 2025 

TruRisk™ Scoring Enhancement

This Limited Customer Release (LCR) enhances the TruRisk™ Score configuration by excluding potential and non-running kernel vulnerabilities from your risk scoring. This update improves the precision of your TruRisk™ metrics without altering the core algorithm.

This update:

• Focus exclusively on confirmed, active vulnerabilities to better reflect your actual operational exposure.
• Eliminate low-impact and theoretical vulnerabilities that clutter your risk view.
• Avoid unnecessary remediation by excluding non-actionable vulnerabilities from scoring.
• Enable teams to prioritize threats that truly matter, enhancing overall risk management.

Key Changes

Exclusion of Potential Vulnerabilities

The TruRisk™ score will no longer include potential QIDs in the Average Score and Count metrics.

Exclusion of Non-Running Kernel Vulnerabilities

The TruRisk™ score will now exclude vulnerabilities associated with non-running kernels from its calculation.

How It Works

To see these changes in action, follow these steps:

1. Contact your Technical Account Manager (TAM) to enable this feature.
2. Once the feature is enabled, run a new vulnerability scan to apply the changes.
   This scan updates your asset data and prompts TruRisk™ to recalculate scores using the updated logic. After the scan completes, TruRisk™ automatically excludes potential and non-running kernel vulnerabilities from risk scoring, ensuring your metrics reflect only confirmed and relevant threats.

The core TruRisk™ algorithm remains the same, but the Average Score and Count metrics will be adjusted to ensure they more accurately reflect actionable risk.