Closed ncoblentz closed 1 month ago
securitytemplates
commented
1 month ago Hello Ncoblentz, You're right, I did intentionally 'blackbox' remediation in the diagram and didn't get to this level of detail. I think your point is fair that this should be more explicit.
What are your thoughts on this updated diagram?
ncoblentz
commented
1 month ago I think that looks great!
securitytemplates
commented
1 month ago I'll publish an update probably later in the month. Thanks for the constructive feedback!
securitytemplates
commented
1 month ago
This is a great resource! As I was looking at the templates for vulnerability management, I see steps to remediate a particular vulnerability, but not to validate the remediation solution was successful. In many organizations, the security issues are tracked by the security team in addition to a product/infrastructure team, and that security team wants to see evidence that the fix applied successfully resolved all the risk. You might consider adding a step like that to the vulnerability management template.