Did you know SaaS now has its own CVE tag?
For years, vulnerabilities in SaaS services were hard to track – often without a CVE ID at all. That’s finally changing.
👉 The new exclusively-hosted-service tag tells you:
This issue affects only the hosted service (not on-prem).
In many cases, the provider has already fixed it – no customer patch needed.
Microsoft and Google are already using it. That means SaaS CVEs are now easier to find, easier to interpret, and easier to act on.
Why it matters:
Less noise. Better transparency. Smarter triage.
SaaS is the default – it’s about time our vulnerability management caught up. 🌥️🔐