Do you find it helpful to know the total types of vulnerabilities you have in your organizations, groups and portfolios? We show you this information on the ARM under the label Total types. This number will be useful when creating and tracking objectives concerning the total types of vulnerabilities in your systems.

Remember you can find this chart in three different Analytics sections, which will show you different results, depending on whether they relate to your organizations, groups or portfolios.

With good security standards implemented in your software, you will be able to mitigate risks more effectively. We are excited to announce the new security standard we are applying at Fluid Attacks: the NIST Secure Software Development Framework (SSDF). It describes a set of high-level practices based on established standards, guidance and secure software development practice documents.

You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation. The version used for this section is NIST SP 800-218 v1.1, February 2022. Write to us at help@fluidattacks.com if you have any comments or questions about this standard.

Now you can see your existing credentials when you are adding or editing a root on the ARM. When you select any of them, the fields requiring credential information will immediately autofill with the details of the existing credential. This will help you save time and reduce errors.

Tell us what you think about this new feature by contacting us at help@fluidattacks.com or commenting on this post. We invite you to subscribe to our News channel where we publish weekly information about the ARM and the standards we apply on our security checks. 

We designed a role for users in managerial positions so they can stay informed about all their project's vulnerabilities and act on that information to ensure their remediation. Users with the executive role can access general and detailed data about vulnerabilities, change their treatment, request reattacks, among other functions. If you want to know more about the different roles on the ARM, we invite you to follow this link. 

We encourage you to use the ARM constantly to benefit your cybersecurity practices. This is why, if you are a user manager, we send you an Inactivity alert notification reminding you to use the platform when we detect you’ve stopped using it for three weeks. You can manage this alert from the Notifications section.

We are committed to our customers, always providing them excellent services and valuable features on the ARM. We invite you to subscribe to our News channel so you don't miss announcements about our platform and its improvements.

Now you can find out the percentage of open vulnerabilities which have not been assigned to a developer vs. those that have. You just have to go to the Analytics section of your organization/group/portfolio and find the pie chart named Vulnerabilities by assignment. We hope it will help your decisions to prioritize vulnerability treatments.

Feel free to explore all the charts in the ARM Analytics sections! Don’t forget to subscribe to our News channel so that you don't miss any of the news we post every week.

Now you can find out how close you are to remediating a whole type of vulnerability. You can see this in the new column in the Vulnerabilities section, called Remediation %. This will help you prioritize remediation according to your organization goals and needs.

At Fluid Attacks, we work hard to bring features that meet our customers’ needs. If you have any comments on this new feature, don’t hesitate to post it under this post or write to us at help@fluidattacks.com.

Every day we are working to improve our security criteria. One standard we have implemented is the Web Application Security Consortium  (WASC), which is a cooperative effort to clarify and organize the threats to the security of a website. It outlines the attacks and weaknesses that can lead to compromising the website, its data or its users. You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation. The version used in this section is WASC Threat Classification v2.0.

We are pleased to announce that we are implementing the new Secrets section. To access it, go to Scope, click on the URL of an active Git root or Environment URLs and select Secrets from the Edit root popup window. There you can examine, add, update and delete secrets (e.g., usernames, passwords, email addresses and tokens) of the selected root. Thanks to this enhancement, User managers easily handle secrets on the ARM, and the time it takes for them to reach our analysts is considerably reduced.

We are delighted to improve the ARM every day for you. We invite you not to miss any of these updates by subscribing to our News channel.

Did you know that the user manager role on the ARM is the one that grants the highest level of privileges on the platform? People with this role have access to all the available functions, so they have complete control over vulnerability management, including how their team handles remediation. If you want to know more about this role, follow this link. Remember that you can find out your role on the ARM by clicking the user icon on the upper-right part of your screen.