
Are detected vulnerabilities monitored?

Updated: 2024-06-25

Are detected vulnerabilities continuously monitored regarding status changes?

The answer is yes!

Example: The notification page shows both added and removed vulnerabilities.

  1. MAIA/SBOMC detects a new vulnerability affecting a component that is included in several deliveries.
  2. All deliveries that have monitoring activated generate a notification message and email.
  3. When opening the NVD page, an "undergoing reanalysis" message is presented.
  4. We decide to wait for the result of the reanalysis before making any evaluations on the vulnerability.
  5. We tick off the notification.
  6. A new notification message appears, this time a "removed vulnerability" message. What does that mean?
  7. A previously detected vulnerability has been rejected, and all affected deliveries monitored in MAIA/SBOMC have been updated.
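
The added/removed behaviour in the steps above can be reproduced by comparing two vulnerability snapshots for each monitored delivery. The following is an added example, not MAIA/SBOMC code: the `Delivery` type, the function names, the feed layout, the component name and the placeholder CVE identifier are all constructed for illustration.

```python
# Added illustration, not MAIA/SBOMC code. All names and data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Delivery:
    name: str
    components: frozenset   # component identifiers listed in the delivery's SBOM
    monitored: bool         # notifications are generated only when True

def active_by_component(feed):
    """Map component -> CVE ids in this snapshot that are not rejected."""
    out = {}
    for cve_id, rec in feed.items():
        if rec["status"] == "Rejected":
            continue  # a rejected entry no longer counts against any component
        for comp in rec["components"]:
            out.setdefault(comp, set()).add(cve_id)
    return out

def affecting(delivery, by_component):
    """All active CVE ids that hit at least one component of the delivery."""
    return set().union(*(by_component.get(c, set()) for c in delivery.components))

def diff_notifications(deliveries, old_feed, new_feed):
    """Return (delivery, kind, cve_id, status) tuples for monitored deliveries."""
    old, new = active_by_component(old_feed), active_by_component(new_feed)
    notes = []
    for d in deliveries:
        if not d.monitored:
            continue
        before, after = affecting(d, old), affecting(d, new)
        for cve in sorted(after - before):
            notes.append((d.name, "added", cve, new_feed[cve]["status"]))
        for cve in sorted(before - after):
            status = new_feed.get(cve, {}).get("status", "absent from feed")
            notes.append((d.name, "removed", cve, status))
    return notes

# Constructed snapshots: one placeholder entry seen on three consecutive checks.
COMP = "libexample@1.2.3"
CVE = "CVE-0000-0001"
DAY0 = {}
DAY1 = {CVE: {"status": "Undergoing Reanalysis", "components": [COMP]}}
DAY2 = {CVE: {"status": "Rejected", "components": [COMP]}}
DELIVERIES = [Delivery(n, frozenset({COMP}), m)
              for n, m in (("delivery-a", True), ("delivery-b", True), ("delivery-c", False))]

if __name__ == "__main__":
    print(diff_notifications(DELIVERIES, DAY0, DAY1))
    print(diff_notifications(DELIVERIES, DAY1, DAY2))
```

Comparing `DAY0` with `DAY1` yields an "added" note for each monitored delivery, and comparing `DAY1` with `DAY2` yields the matching "removed" notes with status `Rejected`; the unmonitored delivery produces nothing in either case.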