Limit CVSS score range to accept vulnerabilities

Problem to solve

Group members could accept low- or high-score vulnerabilities and go live without fixing them.

Intended users

All Integrates users

User experience goal

Define the upper and lower bounds of the CVSS score range within which vulnerabilities can be accepted. Nothing outside that range can be accepted.

Proposal

Through an organization administrative panel, a user could set the CVSS score range within which vulnerabilities can be accepted. That range applies to all groups in the organization, and no finding outside that range can be accepted.

This setting applies to both the temporal and eternal acceptance flows.

E.g.:

  • Vulnerabilities higher than CVSS 7 can't be accepted.
  • Only vulnerabilities between CVSS 3 and CVSS 7 can be accepted.

Permissions and Security

This range must be set by a manager or equivalent.

Edited by Juan Restrepo
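
One way the proposed range could be enforced on the server, as an added example that is not Integrates code. The role string, the class and function names and the inclusive treatment of both bounds are assumptions, and the sample findings are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

# Hypothetical names: none of these identifiers come from Integrates.
RANGE_ADMIN_ROLES = {"manager"}             # "manager or equivalent"
ACCEPTANCE_FLOWS = {"temporal", "eternal"}  # both flows share one policy
CVSS_MIN, CVSS_MAX = Decimal("0.0"), Decimal("10.0")


@dataclass(frozen=True)
class AcceptanceRange:
    lower: Decimal
    upper: Decimal


def set_range(role: str, lower: str, upper: str) -> AcceptanceRange:
    """Build the organization-wide range; only a manager role may set it."""
    if role not in RANGE_ADMIN_ROLES:
        raise PermissionError("only a manager can set the acceptance range")
    lo, hi = Decimal(lower), Decimal(upper)
    if not (CVSS_MIN <= lo <= hi <= CVSS_MAX):
        raise ValueError("range must satisfy 0.0 <= lower <= upper <= 10.0")
    return AcceptanceRange(lo, hi)


def can_accept(policy: AcceptanceRange, score: str, flow: str) -> bool:
    """Apply the same check to either flow; bounds are inclusive (assumption)."""
    if flow not in ACCEPTANCE_FLOWS:
        raise ValueError(f"unknown acceptance flow: {flow}")
    value = Decimal(score)  # Decimal avoids float rounding at the boundaries
    if not (CVSS_MIN <= value <= CVSS_MAX):
        raise ValueError("not a valid CVSS score")
    return policy.lower <= value <= policy.upper


def rejected(policy: AcceptanceRange, findings, flow: str) -> list:
    """Return the ids of findings in an acceptance request that the policy blocks."""
    return [fid for fid, score in findings if not can_accept(policy, score, flow)]


# Constructed sample findings: (id, CVSS score)
SAMPLE_FINDINGS = [("F001", "2.9"), ("F002", "3.0"), ("F003", "7.0"),
                   ("F004", "7.1"), ("F005", "9.8")]

if __name__ == "__main__":
    policy = set_range("manager", "3.0", "7.0")  # second bullet of the proposal
    print(rejected(policy, SAMPLE_FINDINGS, "eternal"))
```

The first bullet of the proposal corresponds to `set_range("manager", "0.0", "7.0")` under the same assumptions.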