Release Date: April 5, 2024


Hey everyone,

Exciting news for hunters and organization users of the Secuna Platform!

We at Secuna are constantly looking for ways to make vulnerability management more productive for our users. While we still have a long way to go, we have started with some baby steps in this direction by implementing some major improvements in our core reporting module.

💬 Add Optional Comments When Performing Change Actions on Reports

In our previous version, performing change actions (such as status, severity, etc.) on reports was separate from commenting. After analyzing user behavior in the Secuna Platform, we found that users often want to add a short comment to provide context on why a change has been made. That comment had to be added as a separate action, which affects the user's overall productivity. This friction in the user experience also leads some users to not provide any additional context at all, which reduces clarity in the communication between the organization users, hunters, and the Secuna team.

In this release, we have added a comment box to each change action feature. Users can now add insights about the change they are about to make in just one simple click, which improves overall information sharing and communication among all the relevant parties or users involved in a report.

📎 Attachments on Comments

When collaborating on reports, it is sometimes necessary for users to attach files (photos, videos, documentation, source code, scripts, builds, etc.) to give additional information or context to other users investigating a report.

What users do is communicate outside the Secuna Platform to turn over files as necessary. This adds friction to overall productivity, as users context-switch from one application to another and files can easily be buried under messages on various topics in the other communication channels.

With our latest update, you don't need to communicate outside of the Secuna Platform to ask for or share these files! You can now upload these files as attachments in your comment on a report, keeping the context of the conversation on that specific report alone.

🚥 Additional Change Status Options for Hunters

Previously, hunters could only change the status of a report to Refix or Fix Confirmed when it had already been tagged as Retest. Other than that, hunters did not have any additional capability to change the status of a report.

However, it is common for a hunter or a triager to tag a report as Needs Info, or for a report to be Reopened, in order to open a discussion about the report with all parties, especially during the retesting phase.

To make the communication workflow more seamless, we have added Needs Info and Reopened (together with Retest) to the statuses from which hunters are allowed to change the status of a report. This way, hunters can proceed with their retesting once they have the additional information they need. Additionally, we have added Needs Info as a valid option for hunters to tag a report with as they see fit, to communicate to the triager that the hunters need something from them to proceed with their tasks on the report.

📖 Learn More About Vulnerability Types (CWEs)

The Secuna Platform uses the Common Weakness Enumeration as a standard library for classifying a report's vulnerability/weakness type. We understand that some vulnerability types may be technical jargon that a technical or non-technical person may sometimes not understand.

To easily provide more information about the vulnerability types as documented by MITRE, we have now added direct links to the CWEs so that users can read the full documentation about a vulnerability type and gain a deeper understanding of it.

🔠 Multiple Selection of Affected Assets

When reporting or triaging a vulnerability, there are instances where the same issue affects multiple assets. In the previous version, there was only a one-to-one relation between a report and a single asset, so when the exact same vulnerability was discovered in other assets, hunters tended to submit another report, which is technically a duplicate in which only the affected asset is changed. This causes confusion, and the additional report may easily be overlooked when the organization has already started working on a fix for the vulnerability.

To make it easier for organizations to associate the same vulnerability report with all affected assets, we now support the selection of multiple assets when hunters initially submit their report. Similarly, triagers can now also select multiple assets when changing the assets of a report if the same vulnerability is later discovered in the other affected assets.