Identify Security Risks Accurately: Unveiling Vulnerability Disclosure Sources in VMDR
In a significant move, Qualys, a leading provider of cloud-based security and compliance solutions, has announced the introduction of Vulnerability Detection Sources. This new feature, set to be available in Q3, 2025, for Qualys Policy Audit, aims to revolutionise decision-making, resource allocation, and remediation processes for organisations worldwide.
The Vulnerability Detection Sources in Qualys VMDR are based on over 25 unique threat and exploit intelligence sources. These sources integrate more than 190,000 CVEs with comprehensive vulnerability data, which is used in the Qualys Vulnerability Score (QVS) and Qualys Detection Score (QDS) to assess risk and detection capabilities. By prioritising vulnerabilities based on actual exploitation risk rather than just technical severity, Qualys is providing a more accurate and actionable risk assessment.
This new feature offers a complete detection history, including the full list of sources and the most recent one. It will enable faster, more precise corrective actions, improving audit readiness and reporting accuracy. With Policy Audit, users will be able to identify the exact sensor source that detected each compliance control failure.
To include source information, users can utilise the parameter vuln_detection_source=1. The endpoint for accessing Vulnerability Detection Sources is /api/4.0/fo/asset/host/vm/detection/.
This added visibility will help audit & compliance teams understand the true origin of misconfigurations or compliance failures. By providing a comprehensive view of the sources used in vulnerability detection, organisations can make informed decisions about their security posture and prioritise their efforts effectively.
Moreover, the Vulnerability Detection Sources feature is a strategic capability for organisations aiming to reduce their attack surface, prioritise external threats with increased TruRisk weighting, and eliminate risk with clarity and confidence. By integrating with external tools and dashboards via the Qualys API, this feature enables seamless integration into existing security workflows.
In conclusion, the Vulnerability Detection Sources feature is a significant step forward in enhancing security and compliance for organisations worldwide. By providing a clearer understanding of vulnerabilities and their sources, Qualys is empowering organisations to take faster, more informed, and more effective action to protect their assets and maintain compliance.
