We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.
You can now track the number of issues at each stage as they progress up and down the priority funnel:
- All security issues across your applications
- Issues still pending resolution (i.e., not dismissed by your team)
- Issues exposed externally
- Issues discovered without implemented authentication
- Critical issues
- Issues with high business impact
For each stage, you'll find the vulnerability group and the corresponding number of issues. You'll be able to filter by each vulnerability and view the details of how it was found.
Why?
Before we added this feature, security engineers had to manually filter through high, medium, and low vulnerabilities without enough visibility into what needed to be fixed in their business context. This process could be time-consuming, and business-critical API security issues could slip through the cracks. Where should you focus your attention first?
With this feature, we aim to solve this issue and provide you with the following benefits:
- Enhanced Focus: By visualizing the vulnerabilities at each stage of the prioritization funnel, your team can easily identify and prioritize critical issues that pose the greatest risk to your business.
- Streamlined Workflow: Instead of manually tracking vulnerabilities, the automated funnel enables your team to efficiently allocate resources towards resolving high-priority issues, optimizing workflow and response times.
- Improved Risk Management: With greater visibility into the types and quantities of vulnerabilities, you can make more informed decisions regarding risk mitigation strategies, ensuring better protection for your applications and sensitive data.
- Accountability and Transparency: By documenting the journey of each vulnerability through the prioritization stages and its owner, you foster accountability within your team and promote transparency in your security processes, facilitating collaboration and communication.
Overall, this feature empowers your organization to address security threats efficiently!
Getting started
Here's how you can quickly prioritize fixes of all your vulnerabilities at a glance:
- In the left-hand sidebar, click Reporting.
- In the reporting view, click See all issues.
And that's it! You'll get a complete view of the total number of your vulnerabilities at each stage, down and up the prioritization funnel.
By clicking on each stage, you can filter down to the most critical issues to address and see the code owner responsible for each.
With these new updates, you should be able to focus only on fixing the vulnerabilities that matter to your business. Try it out for yourself, and let us know what you think in our Slack community!
*** This is a Security Bloggers Network syndicated blog from Escape - The API Security Blog authored by Alexandra Charikova. Read the original post at: https://escape.tech/blog/vulnerabilities-prioritization-funnel/