Design: Explore remediation tracking for vulnerabilities
Today, users are unable to track the progress and work done to fix or remediate a vulnerability, leaving them to find sub-optimal ways to attain this information.
Tracking the progress toward remediation for a vulnerability is a critical part of Risk-Based Vulnerability Management. Without this capability, our users are in the dark when it comes to understanding when a vulnerability will be remediated and whether intervention is needed due to an unforeseen operational challenge or hurdle.
Tracking remediation can be implemented into all phases of the vulnerability life cycle:
When I am managing vulnerabilities for my organization, I want to quickly identify remediations that are slipping, so I can take escalation action and avoid missing an SLA or, worse, having my organization breached.
- AppSec Analyst/Engineer
- SecOps Analyst/Engineer
Potential solutions to explore
- Remediation progress indicators/visual timeline
- Quick identification of the SLA for a vulnerability
- Alerts if an SLA is upcoming or has passed
- Ability to auto-generate an SLA date based on the severity
- Todo notifications on mention in a vulnerability
- Ability to see what is blocking a remediation from release