The contents of this page supplement the Qualys New QID Development, Prioritization, and Feature Request Process.
Qualys vendor and product vulnerability detection coverage are dynamic. We are constantly expanding our list of supported vendors and products.
The static table below includes, but is not limited to, the vendor and product technologies Qualys has determined to be commercially viable and recurringly supports through the release of vulnerability detection signatures (QIDs).
If you cannot locate a specific vendor or product in the list below, please contact 24/7/365 customer & technical support, or your Technical Account Manager (TAM), to request additional information.
The table also offers insights into the estimated detection delivery time. The clock begins with an actionable vulnerability release and ends with the production release of vulnerability detection coverage (QID).
Following is the list of technologies that fall under the Recurring Vulnerability Coverage Criteria as defined by the Qualys Vulnerability Research Team. All technologies listed have a Targeted Release Timeline (Hours) of 48-72 from the time a vendor releases a security advisory, unless otherwise specified.
Please take note of the technologies in highlighted rows as these have additional prerequisites1 that must be satisfied that extend the Targeted Release Timeline (in hours) to 72+.
The Qualys Vulnerability Research Team aims to meet the delivery targets listed below whenever possible; exceptions should be expected. Please direct any questions regarding delivery targets to your Technical Account Manager (TAM) directly to request additional information.
Table Last Updated: 2022-12-06
Table Last Updated: 2022-12-06
1 Qualys prerequisites for Less Pervasive Vendor/Product Vulnerability Management New QID Feature Requests
CVE carries a CVSSv3.x base score of 7.5 or greater, and
CVE is not associated with a third-party package, BIOS/Firmware/Driver, plugin, or extension, and
The Qualys Research & Development Lab team must be able to procure, deploy and maintain the required target(s) for the vendor/product associated with the CVE.
Note: Vendor/Product assessment will be required to ascertain if the vendor/product is commercially viable.