We currently use Fluid Rules as baselines for customer’s doubts and feedback, but when we report a vulnerability on Integrates, we use a Finding format (e.g. FIN.S.0076. Insecure session management).
What if we disclose the list of findings, detailing what every finding means and whether it concerns security or hygiene? Thus, when a customer asks for further explanation about a certain finding, we could show a generic explanation of the finding and the Fluid Rules that were infringed. Also, we could use this information to help new talents get familiar with our testing model.
I’m not sure where this list should be if it is published, maybe in a “Wiki” section for Integrates, or on our website.
I would like to hear your opinions about this.