How to report a false positive or Zero Risk finding | Fluid Attacks

Request a vulnerability be dismissed as Zero Risk

Role required: User, Vulnerability Manager or User Manager
Note: Zero Risk requests generated by members with the User role must be approved by a Vulnerability Manager or User Manager before they are considered by Fluid Attacks. Without this member's approval, the reported vulnerability will break the build when Users attempt to deploy the system version containing it.

There is a special Treatment that you can request for any reported vulnerability when your organization's analysis concludes that the vulnerability poses no threat. This Treatment is called Zero Risk. To make a Zero Risk request, follow the same steps used to assign a normal treatment.

After choosing to give a Zero Risk Treatment to the selected vulnerability, you only need to add a Treatment justification. Fluid Attacks uses this information to consider whether the vulnerability actually poses no threat at all, in which case the vulnerability will be deleted. However, if Fluid Attacks still considers that the vulnerability poses a risk, it will remain reported.

You can also apply Zero Risk to several vulnerabilities simultaneously by selecting their check boxes on the left side and clicking the Edit button.

There you select the treatment, giving a single justification for all the vulnerabilities you selected.
