[CORE] Probability of report validity
Key changes
YesWeHack's vulnerability reports now includes a pre-triage banner to indicate organisations whether a report is likely to be valid.
Impact
Organisations can quickly identify reports with a high probability of not being valid, even if they have a high or critical CVSS score.
Audience
Users who have subscribed to a triaged solution
Usage
Go to the 'Vulnerability Center'
Open a vulnerability report
A section is displayed in the report’s bug description and the color of the CVSS has been changed.
ℹ️ Notes:
This section only appears on reports where the triage status is 'in progress' or 'awaiting information'.
It is retroactive to existing reports.
⚠️ This section doesn’t replace the assessment of the triage team. The report will be manually reviewed as part of the standard process.
ℹ️ Learn more about report validity probability here.
⬆️ [ANPT/CPT] List of CVEs related to a technology
Key changes
When you open a technology page, a new tab now lists all known CVEs for that specific technology.
Impact
Organisations can now gain a better understanding of the risks they are exposed to.
Audience
All Autonomous Pentest and Continuous Pentesting users
Usage
Go to the ‘Attack surface’ tab
Click on ‘Technologies’ in the left-side menu
Open a selected technology
A new tab now displays the ‘Vulnpedia’, listing all known CVEs for this specific technology
Users can click on each vulnerability to access its dedicated Vulnpedia page
⬆️[ANPT/CPT] Asset description
Key changes
Organisations can now add a functional description to their assets, which is displayed on the Primary Assets and Hosts pages to improve asset management.
Audience
All Autonomous Pentest and Continuous Pentesting users
Usage
Go to the 'Attack surface' tab
Click on 'Primary Assets' in the left-side menu
Open a primary asset
Click the pencil icon next to 'Description'
ℹ️ This field is optional.
Enter your description
Click on 'Edit'
ℹ️ This field is also visible and editable from the 'Host tab'.
[MISC]
[HUNTER] When a wallet uses only one currency, dashboards now hide the unused currency to reduce unnecessary information.
[ANPT] When the number of reports indicated in the header of a host page is higher than the number displayed in the Vulnerability Report tab, a hover tooltip is now displayed to help organisations better understand the reason for these differences.
