Vuln Tracker is a simple application packing a powerful message, showing overdue vulnerabilities by asset group. Vulnerability scanners are essential tools; however, they don't make it easy to report on the age of vulnerabilities. We're excited to introduce Vuln Tracker, a small web app dedicated to communicating the age of active vulnerabilities and those overdue per policy. The benefit is increased accountability to drive acceptance or mitigation decisions. Vuln Tracker also includes features to define a Service Level in days. Thus, you have one report showing overdue vulns per asset group, by severity.
Simple Report, Simple Workflow
Vuln Tracker doesn't overlap with any of your scanner's existing features. Follow these steps and you'll be aging vulnerabilities in no time:
Paste in your existing asset group owners and IP address ranges.
For each asset group, assign a duration in days, per severity level. This duration should be a pre-negotiated Service Level between the Asset Group Owner and the Security team.
Upload your regular scans.
As with all the Caliber applications, Vuln Tracker includes a visual report to communicate vulnerability age. Select the best view to communicate your vulnerability management progress:
All active vulnerabilities by age.
All overdue vulnerabilities.
All active vulnerabilities by group.
All overdue vulnerabilities by group.
The screenshot below shows the Report tab with the Group Overdue view selected. This view enables a candid conversation with the Asset Owner to understand why open vulnerabilities are overdue and to determine the best course of action for the business: either accept or mitigate.
Vuln Tracker currently supports scan uploads from Nexpose, Nessus, and Qualys. Contact firstname.lastname@example.org to help us end the debate of which vulnerability scanner to support next!