Vulnerability states

In this article, we look into the different states a vulnerability can be in on the PentServ platform.


Description

These are the different states a vulnerability can be in:

  • Triaging: The vulnerability has just been identified and will be verified by the project leader soon.
  • Pending Fix: The vulnerability has been confirmed, and a fix is being developed by the customer.
  • Ready for Recheck: The customer has deployed a fix, which will be rechecked by the finder of the vulnerability.
  • Fixed: The vulnerability has been fixed.
  • Accepted Risk: The customer has marked the risk as accepted, and the vulnerability will not be fixed.
  • Out of Scope: The vulnerability is not in the scope of the pentest.
  • Declined: The vulnerability has been declined, e.g. because it is a duplicate or for other reasons.


Flow diagram

The following graph shows the possible flow of the states:

...
Vulnerability state flow chart.