UpGuard uses a variety of sources to determine the ownership of a domain. Think social presence, company websites, legal filings, crowdsourcing, and many more.
Once ownership is determined, we associate the domain with a vendor in the UpGuard platform. For context, each vendor has a primary domain that we see as their most important website.
This process of determining and associating domains allows us to group domains under a single vendor, as opposed to having each website be its own standalone vendor. Additionally, subdomains are grouped under the owner of the root domain.
For example, if the vendor UpGuard owns upguard.com, the subdomain help.upguard.com also falls under UpGuard.
In some situations, this may mean an asset that is managed by a third-party is identified under your or a vendor's profile. An example of this is this knowledge base which is hosted by Intercom.
While this website is hosted by Intercom, we believe it makes sense for it to fall under our profile in the UpGuard platform rather than Intercom's as our customers interact with and rely on it to get information about how to use our product. Any issues with this website are still a potential risk to our customers.
In this situation, risks that are identified by UpGuard's automated scanning can be resolved in a few ways. One potential option is to send a remediation request to the third-party that manages the asset, just as you would with any other third-party.
Another option is to create a risk waiver if you want to accept the risk. Please note that creating a risk waiver only impacts the score reported in your UpGuard account and doesn't remove the risk from your risk profile as seen by other UpGuard customers.