This was asked on the LS360 sessions a couple of weeks ago. Unfortunately due to tech issues I wasn't able to see the question. As such I thought i'd try and give an answer here.......but also ask for suggestions.
At the moment my basic vision is
- Improve the basic filtering and exporting of data
- Look to allow the user to mark an asset attached to a cve as 'resolved' or 'ignored'
- Will try and do some sort of bulk update to make that easier
- Think for ignore we will try and treat that like an exception so may look for a date the exception is valid from and a comment
- Over time will also look to try and automate setting some of items to 'resolved'
- Look at other risk profiles e.g. business risk (using your view on how important something is) as well as exploitablity risk e.g. has some actually explored this vulnerablity
In the next couple of weeks I'll try and get some mock ups posted to try illustrate the ideas.
For now however really appreciate any thoughts and feedback or other suggestions.
