Cloudbase Updates Timeline Feature for Vulnerability Management
Cloudbase Inc. has updated the vulnerability timeline feature for its domestic CNAPP 'Cloudbase.' The update visualizes the history of vulnerability priority and status changes, improving operational transparency and efficiency.
Published: May 25, 2026 at 19:10
Cloudbase Inc. (Headquarters: Minato-ku, Tokyo; CEO: Koya Iwasa) announced an update to the timeline feature of its domestic CNAPP platform 'Cloudbase' (covering CSPM, SBOM, and vulnerability management), allowing users to view new event information.
This update makes it easier to track the history behind changes in vulnerability assessments, supporting more sustainable and practical vulnerability management.
### Development Background
In vulnerability management across cloud and on-premises environments, there is a growing need not only to list vulnerabilities but also to understand the 'why' behind priority changes and the 'when' behind status transitions.
Particularly in risk-based prioritization frameworks like SSVC, assessments can change based on external factors such as exploit status, exposure, and the potential for automated attacks. Consequently, there has been an increasing demand from customers to 'continuously track the reasons for assessment changes.' Cloudbase implemented this update under the belief that correctly grasping the reality of operations and the history of changes is essential for building a sustainable security system.
### Update Details
With this update, users can now view the following information in the 'Events' and 'All' tabs of the vulnerability timeline:
- Status changes (Unresolved / Resolved / Resource Deleted)
- Changes in the decision tree used for SSVC assessment
- Exploitation cases
- Resource exposure status
- Potential for automated attacks
- Changes in SSVC assessment results
Note: Changes in 'resource importance' are not displayed on the timeline.
This enables users to chronologically confirm the background behind changes in vulnerability priority and the series of events leading to the current state.
### About SSVC
SSVC (Stakeholder-Specific Vulnerability Categorization) is a framework proposed by the Software Engineering Institute at Carnegie Mellon University for determining vulnerability response priority. Unlike evaluations of the vulnerability itself, such as CVSS base scores, it determines priority based on various factors, including public exploit status, ease of attack, exposure of the detected resource, and resource importance.
### Expected Effects
This update allows security personnel to accurately grasp the background of state transitions and priority fluctuations. It supports more practical vulnerability management operations, such as:
- Identifying the timing of changes in risk response priority
- Reviewing the history for incident response or audits
- Continually improving risk assessment processes
- Sharing the rationale for decisions among operational teams
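### FAQ
What does the update to Cloudbase's vulnerability timeline feature include?
Users can now view, in chronological order, vulnerability status changes, changes in the decision tree used for SSVC assessment, exploitation cases, resource exposure status, potential for automated attacks, and changes in SSVC assessment results.
What kind of framework is SSVC?
It is a framework proposed by the Software Engineering Institute at Carnegie Mellon University in the United States that determines response priority based on multiple external factors, such as a vulnerability's exploitation status, exposure status, and resource importance.
What effects are expected from this update?
Security personnel can accurately grasp when risk response priority changed and the rationale behind the decision, which makes it easier to review the history during incident response or audits and to share decision rationale among operational teams.
What services does Cloudbase provide?
It provides a CNAPP platform for integrated monitoring and management of security risks across multi-cloud environments such as AWS, Azure, GCP, and Oracle Cloud, as well as on-premises environments.
Are there any items that are not displayed on the vulnerability timeline?
Changes in 'resource importance' are not displayed on the timeline.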