⏮️Reviewing Submissions
Description:
Introduction: After your organization is set up and submissions start coming in, it's essential to have a streamlined process for reviewing them. This ensures that vulnerabilities are correctly identified and addressed.
Purpose: Reviewing submissions helps maintain the integrity of your platform by identifying and mitigating potential security threats.
Content:
Steps to Review Submissions:
Access Submissions:
Navigate to the "Vulnerability Reports" section from your dashboard.
Reports on which no action has been taken yet appear under "Triaged". Rejected reports are in the "Reject" section, and rewarded reports are in the "Rewarded" section.
Filter submissions based on status (Critical (P1), Severe (P2), Moderate (P3), Low (P4), Informational (P5), Bookmarked).
Initial Review:
Check the details provided by the researcher.
Assess the validity of the submission (Is it a real vulnerability?).
Verify if the submission has already been reported.
Detailed Analysis:
Reproduce the issue in a controlled environment.
Analyze the potential impact and severity of the vulnerability.
Document the findings and steps to reproduce.
Communication:
Provide feedback to the researcher by adding Comments.
Request additional information if needed.
Update the submission status (e.g., Sent To Development, Ready For Revalidation, Risk Accepted, Vulnerability Closed).
Guidelines:
Clear Documentation: Ensure all findings and actions are documented for future reference.
Timely Responses: Aim to review and respond to submissions promptly.
Collaboration: Work with your team to analyze complex submissions.
Common Issues and Solutions:
Duplicate Submissions:
Cross-check new submissions against existing ones.
Notify the researcher if the issue has already been reported.
Incomplete Information:
Request additional details from the researcher.
Provide clear guidelines on the required information.
FAQs:
How do I access past submissions?
Use the filter options for the "Triaged", "Rewarded" and "Rejected" sections to find past reports.
What if I can't reproduce the issue?
Communicate with the researcher for more details.
Collaborate with your technical team for assistance.
Contact Support:
If you encounter any issues, please reach out to our support team at support@comolho.com.