Backport Resolvable Risks
Some components, such as Apache, use backporting to implement security patches. Backporting is the practice of applying security patches or bug fixes from newer versions of a software component to older versions. This keeps the older version secure without requiring an upgrade to the latest version, which might not be compatible with other parts of the system.
When your scan detects a component such as Apache through a web request to a web service it hosts, the Server header returned by the server contains the version that was originally installed but does not indicate which security patches have since been applied. The scan then looks up every vulnerability for the version in that header, irrespective of whether backported security updates have been applied. A backport resolvable risk is a risk that would be resolved by backported security patches.
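To show why a banner-only lookup over-reports, here is an added example (not part of this page or the scanner's own code): it matches a Server header against a hypothetical vulnerability feed the way the scan does, then uses a constructed Debian-style changelog from the host to separate risks that a backport has already resolved from those still open. The header, feed, changelog and placeholder CVE identifiers are all constructed; verifying against the host's changelog is only possible when you have access to the component.

```python
import re

# Constructed sample data (not from the page): a banner as a scanner would see
# it and a Debian-style changelog excerpt as an administrator would read it on
# the host. CVE identifiers are placeholders, not real vulnerabilities.
SERVER_HEADER = "Apache/2.4.29 (Ubuntu)"

# Hypothetical vulnerability feed: (cve_id, first_fixed_upstream_version).
VULN_FEED = [
    ("CVE-0000-0001", "2.4.30"),
    ("CVE-0000-0002", "2.4.33"),
    ("CVE-0000-0003", "2.4.38"),
]

HOST_CHANGELOG = """\
apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium

  * SECURITY UPDATE: placeholder issue in mod_example
    - CVE-0000-0001
  * SECURITY UPDATE: placeholder issue in core
    - CVE-0000-0002
"""

def parse_version(header):
    """Return (product, version tuple) from a Server banner, or None."""
    m = re.match(r"([A-Za-z]+)/(\d+(?:\.\d+)+)", header)
    if not m:
        return None
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))

def banner_matches(header, feed):
    """What a banner-only scan reports: every CVE fixed after the banner version."""
    parsed = parse_version(header)
    if parsed is None:
        return []
    _, version = parsed
    return [cve for cve, fixed in feed
            if version < tuple(int(p) for p in fixed.split("."))]

def classify(header, feed, changelog):
    """Split banner matches into backport-resolvable (named in the host's
    changelog) and still-open risks. Requires access to the host."""
    fixed_on_host = set(re.findall(r"CVE-\d{4}-\d{4,}", changelog))
    resolvable, open_risks = [], []
    for cve in banner_matches(header, feed):
        (resolvable if cve in fixed_on_host else open_risks).append(cve)
    return resolvable, open_risks
```

Calling `classify(SERVER_HEADER, VULN_FEED, HOST_CHANGELOG)` returns the two placeholder CVEs named in the changelog as resolvable and the third as still open, which is the distinction the exclusion setting relies on you having verified.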
By default, backport resolvable risks are labeled and included in your scan results. However, you can exclude them in your settings within the scan menu, provided you have the group role of editor or above. When you change this setting, risk results are updated immediately, while Actions and Checks are recalculated and may take a few seconds to update in the app.
If you have access to the detected components with backport resolvable risks and can confirm that the security patches have been applied, you may want to exclude these risks from your scan. If you do not have access to the detected components, it is advisable to keep them included in your scan until you have verified that the security patches have been installed.
By default, scans will include these risks. However, if you prefer to have them excluded by default, please contact us at [email protected] to adjust your settings.