This level of transparency has a couple of key benefits:
- Increases efficiency: Visibility into previously found vulnerabilities provides researchers insights to better focus their testing efforts so that they can submit more unique issues and fewer duplicates.
- Increases testing activity: Programs that share previously found vulnerabilities are seen as more appealing to researchers because they are more likely to be the first to find unique vulnerabilities and be rewarded.
Shared known issues appear on the program brief, are grouped by target, and categorized by VRT classification. Any issue with a status of triaged, unresolved, or duplicate will be visible to the researcher. Researchers can drill down into known issues by VRT classification.
The Known Issue counts are displayed in the Program Brief for all the submissions on those targets across one’s organization and not only for that program.
By default, the option to share known issues is not enabled. To enable known issue sharing, go to your Program Settings.
From the Program Brief tab, find the Known Issues section. Select the Display known issues count on program brief option. All P1-P4 issues classified as
won't fix, or
duplicate will be shared.
Click Update program to apply the changes.
When the researcher views the program brief, they can view the known issues in the Targets area. For more information, see Viewing Known Issues.