Request a vulnerability be dismissed as Zero Risk | Fluid Attacks Help

Request a vulnerability be dismissed as Zero Risk

Info on required role
Role required: User, Vulnerability Manager or Group Manager
Note on zero risk requests
Note: Zero Risk requests generated by members with the User role must be approved by a Vulnerability Manager or Group Manager before they are considered by Fluid Attacks. Without this member's approval, the reported vulnerability will break the build when Users attempt to deploy the system version containing it.

There is a treatment that you can request for any reported vulnerability when, according to a judicious analysis by your organization, said vulnerability poses no threat. This treatment appears as "Request zero risk" within the treatment options on Fluid Attacks' platform.

You can submit your request either from the vulnerability's information window or the window to edit vulnerabilities. The latter allows you to request the treatment for more than one vulnerability.

Follow these steps to use the "Request zero risk" option from the information window.
  1. In the Vulnerabilities section, click on the weakness in question to see its related vulnerabilities.

  2. Click on the intended vulnerability.
    3. Click on a vulnerability to see information on the Fluid Attacks platform

  3. In the information window, click on the Treatments tab.
    4. Access the Treatments tab on the Fluid Attacks platform

  4. Select Request zero risk from the Treatment dropdown menu.
    5. Find Request zero risk in the Treatments tab on the Fluid Attacks platform

  5. Write a justification for your request, optionally add or remove tags, and click the Confirm button.
    6. Write a justification in the Treatments tab on the Fluid Attacks platform
Fluid Attacks will read your justification to consider whether the vulnerability actually poses no threat at all, in which case Fluid Attacks will delete it from the Vulnerabilities table. However, if Fluid Attacks still considers there is risk caused by that vulnerability, then it will remain reported.

The following are the steps to request the treatment from the Manage treatments window.
  1. In the Vulnerabilities section, click on the weakness in question to see its related vulnerabilities.

  2. Tick the checkbox next to the reported vulnerability for which you want to assign the treatment. Then click on Edit treatment.
    3. Choose a vulnerability to edit it on the Fluid Attacks platform
    Advice on editing treatments in bulk
    If you want to assign the treatment "Request zero risk" to more than one vulnerability, tick their corresponding checkboxes and click the Edit button.
  3. Select Request zero risk from the Treatment dropdown menu.
    4. Find Request zero risk treatment option on the Fluid Attacks platform

  4. Add a justification for your request and update the remaining fields if needed.
    5. Add justification for the zero risk request on the Fluid Attacks platform

  5. Click on Confirm when you are done.
You can see Fluid Attacks' decision on your request in the Zero risk column.

Find Zero risk column on the Fluid Attacks platform
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.