We are looking at a stepped process to improve the engine by building out an exception process, improving performance and reducing false +ve's.
One of our first steps for that will be to put in some status options to let you manually classify and filter. To that end our first step will be the ability to set the status to ignore/omit/exclude, extending later with the ability to set to resolve, add exceptions, dates and finally have the back end engine recognise patches better.
It's that first step I was hoping for some thoughts from the people who will be using the product - what makes the most sense to you in terms of naming?
Do we set the value to
All opinions gratefully received
I always like the the term 'add an exception', I think this makes it clear what you're doing. The term 'ignore' just feels like your simply ignoring the alert/vulnerability rather than accepting it's there and adding it as an exception due to either it being false positive, or due to acceptance of the risk because of, for example not being able to patch.