I’ve recently started a new role and one of my jobs now is to manage the remediation of vulnerabilities from scans and pentests.
How does everyone else keep track of this?
Are there any paid-for services that can do this? I’ve thought about building something in Power Apps but thought I’d ask the question beforehand.

1 Comment

  • TomOwens

    October 14, 2021

    What tools are you using?

    Some tools, like Qualys (for dynamic and infrastructure scanning) or Black Duck (third-party dependencies), have remediation tracking features available. You can keep track of potential vulnerabilities across scans and track false positives or remediations. Depending on your tools, you may also be able to get (or build) an integration with your issue tracking tool, like Jira or GitHub Issues.

    It’s harder for things like penetration tests outsourced to a third party. What I do now is use Confluence to store the reports and link findings to Jira issues. Putting the Jira issues on the Confluence page and using labels to be able to query for issues generated from penetration tests can also be helpful.

    If you’re using a different knowledge base software or issue tracker, you may have different options available.
