Here we validate the incoming reports: for each one we check whether the reported vulnerability is a real, reproducible issue or just a false positive.
At the bottom of the report you can see the 'Action' section; all validation of incoming reports is done from here.
Here are the details of those Actions.
Here's a video tutorial on how to triage a report and add a reward to it.
- 1. DUPLICATE: If the same vulnerability has already been reported.
- 2. NOT APPLICABLE: If the vulnerability or report is not applicable or invalid.
- 3. TRIAGED: If the vulnerability is valid and accepted.
- 4. WON'T FIX: If the vulnerability is valid but poses a risk the customer accepts, so it will not be fixed.
A few other statuses are only available after the report has been 'TRIAGED':
- UNRESOLVED: The vulnerability has been accepted and assigned to a developer for the fix. Only after this status will you be able to add a reward for the report.
- RESOLVED: Once the reported vulnerability has been fixed, change the status to RESOLVED.
You will encounter many duplicate submissions/reports in a program, which makes them hard to manage; the vulnerability search under Duplicate makes it easy to find the original report that a new submission duplicates.
To mark a report as a duplicate:
CHANGE STATUS > DUPLICATE
Every vulnerability report carries a severity chosen from the reporter's perspective, but it needs to be set according to the actual impact on the customer. Using this action, you can change the severity of the submission:
- 1. CRITICAL: If the vulnerability has a critical impact on the customer's assets/business.
- 2. HIGH: If the vulnerability has a high impact on the customer's assets/business.
- 3. MODERATE: If the vulnerability has a moderate impact on the customer's assets/business.
- 4. LOW: If the vulnerability has a low impact on the customer's assets/business.
- 5. INFORMATIONAL: If the finding carries a risk that is acceptable to the customer.
If another team member in your organization validates incoming reports, you can assign reports to that team member.
If the reporter has filed the report under the wrong vulnerability type, the triager or the customer can adjust the vulnerability type using this action.
If the reporter has given the report a title that is wrong or differs from the actual vulnerability, the triager or the customer can update the title using this action.
If the report description does not contain enough information to validate the submission, you can add the 'Need More Info' flag to the report. This asks the reporter to add the missing information so the submission can be validated.
If the reporter spams the report with unnecessary comments, you can lock the report, which prevents the reporter from commenting on it further.
To add a reward, the report must move through: NEW > TRIAGED > UNRESOLVED > ADD REWARD
Enter the reward amount in the input field and click 'Submit'. You will then be asked to choose a payment gateway to complete the payment.
Currently, we only support eSewa and Fonepay.
Once you make the payment, you are redirected to the payment-complete page, and the payment is done.
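The rules above form a small state machine: the four initial decisions are only valid from NEW, UNRESOLVED and RESOLVED only follow TRIAGED, a reward can only be added once the report has reached UNRESOLVED, a DUPLICATE must point at the original report, and a locked report rejects further reporter comments. The following is an added example, not the platform's own code, that encodes those rules so a triage tool (or a reviewer of one) can check that no step is skipped. The exact transition table, the rule that a report receives at most one reward, and the sample report contents are assumptions made here, not statements from the page.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Status transitions described on the page. Assumption: the initial decisions
# are only reachable from NEW, and the post-triage statuses run in order.
TRANSITIONS = {
    "NEW": {"DUPLICATE", "NOT APPLICABLE", "TRIAGED", "WON'T FIX"},
    "TRIAGED": {"UNRESOLVED"},
    "UNRESOLVED": {"RESOLVED"},
    "RESOLVED": set(),
    "DUPLICATE": set(),
    "NOT APPLICABLE": set(),
    "WON'T FIX": set(),
}
SEVERITIES = ("CRITICAL", "HIGH", "MODERATE", "LOW", "INFORMATIONAL")


class TriageError(Exception):
    """Raised when an action is attempted that the workflow does not allow."""


@dataclass
class Report:
    report_id: int
    title: str
    vuln_type: str
    severity: str                      # severity as claimed by the reporter
    status: str = "NEW"
    duplicate_of: Optional[int] = None
    locked: bool = False
    need_more_info: bool = False
    reward: Optional[int] = None
    history: List[str] = field(default_factory=list)   # previous statuses
    comments: List[Tuple[str, str]] = field(default_factory=list)

    def change_status(self, new_status: str, duplicate_of: Optional[int] = None) -> None:
        if new_status not in TRANSITIONS.get(self.status, set()):
            raise TriageError(f"cannot move {self.status} -> {new_status}")
        if new_status == "DUPLICATE":
            # A duplicate is only meaningful with a reference to the original report.
            if duplicate_of is None or duplicate_of == self.report_id:
                raise TriageError("DUPLICATE needs the id of the original report")
            self.duplicate_of = duplicate_of
        self.history.append(self.status)
        self.status = new_status

    def set_severity(self, severity: str) -> None:
        # The triager overrides the reporter's severity with the customer impact.
        if severity not in SEVERITIES:
            raise TriageError(f"unknown severity {severity!r}")
        self.severity = severity

    def add_reward(self, amount: int) -> None:
        # The page allows a reward only after the report has reached UNRESOLVED.
        if "UNRESOLVED" not in self.history + [self.status]:
            raise TriageError("reward can only be added once the report is UNRESOLVED")
        if amount <= 0:
            raise TriageError("reward amount must be positive")
        if self.reward is not None:              # assumption: one reward per report
            raise TriageError("reward already added")
        self.reward = amount

    def comment(self, author: str, text: str) -> None:
        if self.locked and author == "reporter":
            raise TriageError("report is locked; reporter cannot comment")
        self.comments.append((author, text))


def triage_valid_report() -> Tuple[Report, bool]:
    """Walk a constructed report through the full lifecycle (sample data only)."""
    r = Report(101, "XSS in searh", "SQL Injection", "CRITICAL")
    r.title = "Reflected XSS in search"            # fix the title
    r.vuln_type = "Cross-Site Scripting"           # fix the vulnerability type
    r.set_severity("MODERATE")                     # severity per customer impact
    early_reward_rejected = False
    try:
        r.add_reward(5000)                         # too early: still NEW
    except TriageError:
        early_reward_rejected = True
    r.change_status("TRIAGED")
    r.change_status("UNRESOLVED")
    r.add_reward(5000)
    r.change_status("RESOLVED")
    return r, early_reward_rejected


def triage_duplicate_and_lock() -> Tuple[Report, bool]:
    """Mark a constructed second report as a duplicate of 101, then lock it."""
    d = Report(102, "XSS in search box", "Cross-Site Scripting", "HIGH")
    d.change_status("DUPLICATE", duplicate_of=101)
    d.locked = True
    reporter_comment_rejected = False
    try:
        d.comment("reporter", "please reconsider!!!")
    except TriageError:
        reporter_comment_rejected = True
    d.comment("triager", "Duplicate of #101, closing.")
    return d, reporter_comment_rejected
```

Running `triage_valid_report()` shows the reward attempt at NEW being refused and the same amount accepted once the report is UNRESOLVED; `triage_duplicate_and_lock()` shows that DUPLICATE requires the original report's id and that locking silences only the reporter.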