Vulnerability states

In this article, we look into the different states a vulnerability can be in on the PentServ platform.

Description

These are the different states a vulnerability can be in:

• Triaging: The vulnerability has just been identified and will be verified by the project leader soon.
• Pending Fix: The vulnerability has been confirmed, and a fix is developed by the customer.
• Ready for Recheck: The customer has deployed a fix which will be rechecked by the finder of the vulnerability.
• Fixed: The vulnerability has been fixed.
• Accepted Risk: The risk is marked as accepted risk by the customer and will not be fixed.
• Out of Scope: The vulnerability is not in the scope of the pentest.
• Declined: The vulnerability has been declined, e.g. for being a duplicate or other reasons.

Flow diagram

The following graph shows the possible flow of the states: