🔸Findings Submission

Finding Submission Process

There are two ways to start the finding submission process: by highlighting code during a Code Review, or by clicking the "New Finding" button in the top right corner of the Findings section.

To submit a finding, the following fields must be filled in unless marked optional.

  • Severity: Extent of the damage or consequences caused if this were to be exploited. This metric is a product of other factors like Likelihood and Impact; it helps in understanding how critical the vulnerability is and in determining the urgency of the remediation efforts. Severity levels often range from Critical (causing severe damage, such as loss of funds, denial of service, system failures, etc.) to Low (resulting in minimal impact with no severe consequences).

  • Likelihood (optional): The probability of this vulnerability being exploited or triggered.

  • Impact (optional): Potential consequences if this were to be exploited or triggered.

  • Title: A concise label or headline for the finding. The title should be informative and quickly convey the essence of the vulnerability, making it easy for anyone to understand the nature of the issue at a glance.

  • Description: A detailed explanation, which must clearly describe the existence of a problem, its cause and its consequences, using any available means to communicate the point, such as tests, proofs of concept or Diagrams & Formulas.

    • Select template: Standard templates providing a structured writing format.

You can Add code to an existing finding if it does not contain a highlighted area of code.

When the finding is submitted, it will be displayed in the Findings section of the interface.
