What is the official website of SoftExpert GRC ?

The official website of SoftExpert GRC is https://www.softexpert.com/pt-br/solucao/gestao-governanca-riscos-conformidade-grc/.

What is SoftExpert GRC's cybersecurity risk score?

SoftExpert GRC has an AI-generated cybersecurity risk score of 753 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has SoftExpert GRC experienced?

According to Rankiteo, SoftExpert GRC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has SoftExpert GRC been affected by any supply chain cyber incidents ?

According to Rankiteo, SoftExpert GRC has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does SoftExpert GRC have SOC 2 Type 1 certification ?

According to Rankiteo, SoftExpert GRC is not certified under SOC 2 Type 1.

Does SoftExpert GRC have SOC 2 Type 2 certification ?

According to Rankiteo, SoftExpert GRC does not hold a SOC 2 Type 2 certification.

Does SoftExpert GRC comply with GDPR ?

According to Rankiteo, SoftExpert GRC is not listed as GDPR compliant.

Does SoftExpert GRC have PCI DSS certification ?

According to Rankiteo, SoftExpert GRC does not currently maintain PCI DSS compliance.

Does SoftExpert GRC comply with HIPAA ?

According to Rankiteo, SoftExpert GRC is not compliant with HIPAA regulations.

Does SoftExpert GRC have ISO 27001 certification ?

According to Rankiteo,SoftExpert GRC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does SoftExpert GRC operate in ?

SoftExpert GRC operates primarily in the Software Development industry.

How many employees does SoftExpert GRC have ?

SoftExpert GRC employs approximately None employees people worldwide.

Does SoftExpert GRC own any subsidiaries ?

SoftExpert GRC presently has no subsidiaries across any sectors.

How many LinkedIn followers does SoftExpert GRC have ?

SoftExpert GRC's official LinkedIn profile has approximately 61 followers.

What is the NAICS classification code for SoftExpert GRC ?

SoftExpert GRC is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does SoftExpert GRC have a Crunchbase profile ?

No, SoftExpert GRC does not have a profile on Crunchbase.

Does SoftExpert GRC have a LinkedIn profile ?

Yes, SoftExpert GRC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/softexpert-grc.

How many cybersecurity incidents has SoftExpert GRC experienced ?

As of June 23, 2026, Rankiteo reports that SoftExpert GRC has not experienced any cybersecurity incidents.

How many peer or competitor companies does SoftExpert GRC have ?

SoftExpert GRC has an estimated 30,166 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

SoftExpert GRC

Boost Score +25 with badge (5 left)

753

/1000

Fair

778

/1000

Fair

SoftExpert GRC Vendor Cyber Rating & Cyber Score

softexpert.com

Add Your Compliance Badge

SoftExpert GRC enables organizations to effectively integrate business strategy execution with compliance and risk management practices. As a result, managers can accomplish organizational goals while managing risks and ensuring that operations stay compliant with corporate policies, laws and regulations, such as SOX, COSO, COBIT, and ISO 31000. The solution interconnects all the main GRC elements – risks, controls, policies, laws/regulations, loss events, KRIs, KPIs, issues, assessments, action plans and audits. This enables companies to easily visualize how each GRC element affects other elements. The integrated approach of SoftExpert GRC removes many obstacles to implementing solutions and to unlocking the value of GRC for the entire

SoftExpert GRC A.I CyberSecurity Scoring

Scoring History

SoftExpert GRC

SoftExpert GRC CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

SoftExpert GRC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for SoftExpert GRC

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for SoftExpert GRC in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for SoftExpert GRC in 2026.

Incident Types SoftExpert GRC vs Software Development Industry Avg (This Year)

No incidents recorded for SoftExpert GRC in 2026.

Incident History - SoftExpert GRC (X = Date, Y = Severity)

Loading…

SUBSIDIARY

SoftExpert GRC Subsidiaries

SoftExpert GRC

Software Development

Website: https://www.softexpert.com/pt-br/solucao/gestao-governanca-riscos-conformidade-grc/

Company Size: 201-500 employees

SoftExpert Software PortugalSoftware Development

SoftExpert FranceInternet Publishing

SoftExpert GermanySoftware Development

SoftExpert LATAMInternet Publishing

SoftExpert BrasilSoftware Development

Loading…

SoftExpert GRC Similar Companies

Alibaba.com

alibaba.com

The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are typically manufacturers and distributors based in China and other manufacturing countries such as India, Pakistan, the United States and Thailand. Our Mission As part of the Alibaba Group, our mission is to make it easy to do business anywhere. We do this by giving suppliers the tools necessary to reach a global audience for their products, and by helping buyers find products and suppliers quickly and efficiently. One-Stop Sourcing Alibaba.com brings you hundreds of millions of products in over 40 different major categories, including consumer electronics, machinery and apparel. Buyers for these products are located in 190+ countries and regions, and exchange hundreds of thousands of messages with suppliers on the platform each day. Anytime, Anywhere As a platform, we continue to develop services to help businesses do more and discover new opportunities. Whether it’s sourcing from your mobile phone or contacting suppliers in their local language, turn to Alibaba.com for all your global business needs.

Red Hat

redhat.com

Red Hat is the world’s leading provider of enterprise open source solutions, using a community-powered approach to deliver high-performing Linux, hybrid cloud, edge, and Kubernetes technologies. We hire creative, passionate people who are ready to contribute their ideas, help solve complex problems, and make an impact. Opportunities are open. Join us.

Wolters Kluwer

cb wolterskluwer.com

Wolters Kluwer (EURONEXT: WKL) is a global leader in information, software solutions, and services for professionals in healthcare; tax and accounting; financial and corporate compliance; legal and regulatory; corporate performance and ESG. We help our customers make critical decisions every day by providing expert solutions that combine deep domain knowledge with technology. Wolters Kluwer reported 2024 annual revenues of €5.9 billion. The group serves customers in over 180 countries, maintains operations in over 40 countries, and employs approximately 21,000 people worldwide. The company is headquartered in Alphen aan den Rijn, the Netherlands. Equal Opportunity Employer To ensure we continue to drive innovation that enables us to develop products and services to best serve our customers, we cultivate a workplace culture rooted in mutual respect, bringing forward insights from a wide range of backgrounds, perspectives, and experiences. We are also committed to complying with laws requiring equal opportunity in hiring, promotion, and other employment decisions. All qualified applicants will receive consideration without regard to race, color, religion, sex (including pregnancy, gender identity, transgender status, and sexual orientation), national origin, disability, age, genetic information, veteran status, or any other characteristic protected by applicable law, and we do not tolerate discrimination on any of these bases. Beware of Recruitment Fraud! 🔒 Scammers may pose as Wolters Kluwer, offering fake job opportunities and requesting personal info or payments. Protect yourself: - Apply only via our secure Workday hub on our Careers page. - Our recruiters never ask for banking info or payments. - We don't use public email accounts (e.g., Hotmail, Yahoo, Gmail). Report suspected fraud: [email protected]. If you've made a payment, contact local authorities. Read more here - https://careers.wolterskluwer.com/en/recruitment-fraud-alert

GlobalLogic

globallogic.com

GlobalLogic, a Hitachi Group company, is a trusted partner in design, data, and digital engineering for the world’s largest and most innovative companies. Since our inception in 2000, we have been at the forefront of the digital revolution, helping to create some of the most widely used digital products and experiences. Our purpose is to positively impact society and the planet through cutting-edge technology. Together with our clients, we are engineering impact through intelligent products, platforms, and services that are designed for desirability, engineered for excellence, and curated for intelligence. Our people-first culture fosters shoulder-to-shoulder teamwork, supported by a unique lab model and flexible delivery options, including onshore, nearshore, and offshore solutions. We also prioritize environmental stewardship in our product development and are committed to leveraging the diversity of thoughts as a driver for business innovation, attracting and developing talent, and sustainable growth. We are proud of our global recognitions: Leader in the ISG Provider Lens™ Digital Engineering Services 2024 U.S. report Everest Group's Software Product Engineering Services Peak Matrix 2024 Star Performer in Major Contender in Everest Group’s Trust & Safety Peak Matrix 2024 2024 EcoVadis Silver Sustainability Rating Join us as we continue to shape the future of digital engineering and create lasting impacts for businesses and communities worldwide: globallogic.com

KPIT

kpit.com

About KPIT KPIT is reimagining the future of mobility, forging ahead with group companies and partners to shape a world that is cleaner, smarter, and safer. With over 25 years of specialized expertise in Mobility, KPIT is accelerating the transformation towards Software and AI-Defined Vehicles through its advanced solutions, platforms, and products—propelled by mobility-infused AI frameworks, software craftsmanship, and systems integration mastery. Vision in Motion Fueled by 2000+ vehicle production programs and powering 20+ million vehicles on the road with KPIT software, our experience in unmatched. At the same time, we push boundaries, developing solutions that enable Mobility OEMs to innovate at speed and scale. For more details, visit www.kpit.com

Bosch Global Software Technologies

bosch-softwaretechnologies.com

With our unique ability to offer end-to-end solutions that connect the three pillars of IoT - Sensors, Software, and Services, we enable businesses to move from the traditional to the digital, or improve businesses by introducing a digital element in their products and processes. Now more than ever, companies across the world are becoming rapidly aware of the potential and impact of modern-day digital technologies on customers, people, and organisational processes. We aim to empower and translate this realisation into a new reality for enterprises, leveraging our in-depth understanding of global business complexities, the risk of disruption that digital technologies bring, and the technology thought leadership that we have built over decades of experience at Bosch. Founded in 1997, we are a 100% owned subsidiary of Robert Bosch GmbH, with over 35,000 associates across the globe. [Data protection notice: www.bosch-softwaretechnologies.com/en/terms-of-use/data-protection-notice/ ]

Rakuten

cb rakuten.com

Rakuten Group, Inc. (TSE: 4755) is a global technology leader in services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to 2 billion members around the world. The Rakuten Group has more than 30,000 employees, and operations in 30 countries and regions. For more information visit https://global.rakuten.com/corp/.

Expedia Group

expediagroup.com

At Expedia Group (NASDAQ: EXPE), we believe travel is a force for good – it opens minds, builds connections, and bridges divides. We create transformative tech that enables unforgettable experiences for all travelers, everywhere. Our trusted family of brands are known and loved by millions, and we power more trips than anyone else. To learn more about our vision of a more open world through travel, visit www.expediagroup.com. We’re committed to providing an inclusive and accessible recruiting experience for candidates with disabilities, or other physical or mental health conditions. If you require an accommodation or adjustment for any part of the application or recruitment process, please let us know by completing our Accommodation Request Form or contacting your recruiter. Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident about who they are. We do not send job offers via email, or any other messaging tools, to individuals we have not had prior contact with. Our email domain is @expediagroup.com. Our official careers website, where you can to find and apply for job openings, is careers.expediagroup.com/jobs. If you require customer service support to cancel, change or ask about a refund for your trip, you can connect with our 24/7 Virtual Agent through the following links: Expedia: https://www.expedia.com/helpcenter Hotels.com: https://service.hotels.com/en-us/ Vrbo: https://help.vrbo.com/ For additional assistance, direct message us on Twitter @ExpediaHelp with your itinerary number and email address: https://twitter.com/ExpediaHelp

UKG

ukg.com

UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge.

Loading…

NEWS

SoftExpert GRC CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-54236

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 5.3)

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

3.9

REFERENCES

CVE-2026-54235

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-54233

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score

3.6

Exploitability

2.8

REFERENCES

CVE-2026-54232

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 8.8)

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

2.8

REFERENCES

https://github.com/vllm-project/vllm/security/advisories/GHSA-jrf6-vqxq-pjv2

CVE-2026-53923

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…