Sometimes, it is necessary that a finding or a vulnerability be removed from Integrates for different reasons. Nevertheless, in the security world, deleting information is not a good idea and it is always important to keep track of these events.
This is why we don’t delete the findings nor the vulnerabilities at Fluid Integrates. Instead, analysts can set any one of them to a “Deleted” state.
A justification must be selected as part of the process and the possible values depend on the entity that the analyst wants to hide. The following options are valid for both findings and vulnerabilities:
- It is duplicated: The finding or vulnerability had been reported previously.
- It is a false positive: After a review process, the finding or vulnerability was determined not to be so.
There is an option only for findings:
- Finding not required: The report was made for a system that no longer exists or for a finished project.
And for vulnerabilities there is also an additional choice :
- Error while reporting: Since a vulnerability can not be edited, this option must be selected if another vulnerability will be reported correcting it.