# Elevate Cybersecurity with PRISMA IDs

By [Sharon Ben Zeev](https://www.paloaltonetworks.com/blog/author/sharon-ben-zeev/?ts=markdown "Posts by Sharon Ben Zeev"), Aug 22, 2023, 4 minutes

Categories: [CAS](https://www.paloaltonetworks.com/blog/cloud-security/category/cas/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Open Source](https://www.paloaltonetworks.com/blog/tag/open-source/?ts=markdown), [Vulnerability Management](https://www.paloaltonetworks.com/blog/tag/vulnerability-management/?ts=markdown)

In the cybersecurity maze, finding and addressing vulnerabilities is like chasing shadows. Every point of weakness opens a door to potential threats.
While many organizations rely on the CVE system to identify and track these threats, the CVE system can leave you exposed. Why? Because vulnerabilities slip through the cracks. Let's explore how.

## Not All Vulnerabilities Have a CVE ID

**Full Disclosure**

Vulnerabilities need to go through a responsible disclosure process, which begins with security researchers privately reporting the vulnerabilities they find to the affected project. Disclosure policies usually set a 90-day deadline (ranging from 60 to 120 days). Vulnerability details can be publicly shared after this deadline, or earlier if a fix becomes available.

But vulnerabilities for which no responsible disclosure process has been carried out still exist, and many have been openly discussed on public platforms like GitHub before receiving a CVE. Researchers or developers often voice their concerns in the open, perhaps because project maintainers have been unresponsive, or perhaps without realizing that what they are describing is a vulnerability that belongs in a responsible disclosure process.

For example, look at issue [#3555](https://github.com/gin-gonic/gin/issues/3555) in the github.com/gin-gonic/gin repository, which discloses a security issue. The issue was opened on April 1, 2023, but a CVE was assigned to it only on May 11 and fully analyzed in NVD on June 16. Meanwhile, on April 24, we published PRISMA-2023-0066 to cover the gap, 17 days before the CVE and 53 days before the National Vulnerability Database (NVD) analysis.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-303001-1.png)

Figure 1. Timeline for CVE-2023-29401

**Quick Fixes**

Developers may patch a vulnerability without recording a CVE. Their reasons vary: avoiding negative attention, arguing that the responsibility to fix the issue belongs to the user and not the project, or reasoning that an issue requiring only a minor fix isn't worth the CVE process.
At Prisma Cloud, rather than initiating a dispute process for every such case, we lean toward providing an advisory notice to Prisma Cloud customers using PRISMA IDs.

## The Role of PRISMA IDs

PRISMA IDs are not zero days. They represent security issues that have been publicly discussed or fixed but have not (yet) been assigned a CVE. While monitoring open-source vulnerabilities, our research team identifies those you need to be aware of and, when applicable, assigns PRISMA IDs to them. Of the 570 vulnerabilities assigned PRISMA IDs, 60 have since been replaced with a CVE ID, on average approximately 108 days after the PRISMA ID was published. This list includes critical vulnerabilities such as [SpringShell](https://www.paloaltonetworks.com/blog/prisma-cloud/recent-spring-vulnerabilities/) ([CVE-2022-22965](https://nvd.nist.gov/vuln/detail/CVE-2022-22965)), [CVE-2023-25813](https://nvd.nist.gov/vuln/detail/CVE-2023-25813) (`sequelize`) and [CVE-2022-25845](https://nvd.nist.gov/vuln/detail/CVE-2022-25845) (`com.alibaba:fastjson`).

Let's consider another example, the timeline of CVE-2021-4279 for the npm package fast-json-patch:

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-303001-2.png)

Figure 2. Timeline for CVE-2021-4279

Our team assigned PRISMA-2021-0103 213 days before the fix was released, and 498 days before a CVE was published and analyzed in NVD. All that time, more than a year, we tracked the vulnerability under its PRISMA ID, keeping our users informed and able to act.
Interestingly, the vulnerability had been used in a CTF challenge, and an [unmerged PR](https://github.com/Starcounter-Jack/JSON-Patch/pull/262) in the JSON-Patch project's [repository](https://github.com/Starcounter-Jack/JSON-Patch), referenced by PRISMA-2021-0103, was even mentioned in a few [CTF write-ups](https://ctftime.org/writeup/28600#:~:text=However%20this%20protection%20is%20not%20enough%20to%20guard%20against%20prototype%20pollution!%20A%20patch%20has%20been%20proposed%20months%20ago%20to%20fix%20the%20vulnerability%2C%20but%20has%20never%20been%20merged%3A%20https%3A//github.com/Starcounter%2DJack/JSON%2DPatch/pull/262).

## Why Create PRISMA IDs?

Through PRISMA IDs, we equip you with high-impact information to fortify your defenses. Think about the rise in supply chain attacks. If our researchers can pinpoint these security issues, attackers can too. A vulnerability lacking a CVE ID isn't likely to trigger security scanners. PRISMA IDs serve as your early warning system.

**Selective Assignment:** We assign PRISMA IDs only when necessary. Even if a project disputes that an issue is a vulnerability, we may still consider it important for you to know about. You may, for instance, need to validate certain parameters or use other tools.

**Timeline Efficiency:** Our PRISMA IDs reach you well before CVEs, allowing you to act on vulnerabilities faster.

## Stay One Step Ahead with Prisma Cloud

Cloud security can seem like a cat-and-mouse game. Prisma Cloud lights up the vulnerabilities in your open-source code and helps you outpace potential threats. Thanks to our Unit 42 researchers' work, you can map your attack surface and protect your organization from new vulnerabilities.

If you'd like to learn about [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt), take it for a [free 30-day test drive](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).