Common Vulnerability and Exposures – or CVE – is a listing of known vulnerabilities in a piece of software. Commonly, you hear individual vulnerabilities simply refered to as a CVE. Part of our underwriting process looks for the presence of CVEs on insureds’ systems to help us assess how vulnerable your company is to certain kinds of cyber attacks. In most cases, you can eliminate CVE findings by simply updating your computers and servers. 

It’s important to note that CVE detection is not always accurate. That’s why Coalition engineers use CVEs as only one small piece of our underwriting platform and decision-making systems. If your cyber risk assessment report shows CVEs, we recommend you try to validate and remediate them as soon as possible.

For more detailed information about CVEs, you can visit

Did this answer your question?