陌讯skills聚合平台

security-vulnerability-management

📁 kentoshimizu/sw-agent-skills 📅 1 day ago
1
总安装量
1
周安装量
#77727
全站排名
安装命令
npx skills add https://github.com/kentoshimizu/sw-agent-skills --skill security-vulnerability-management

Agent 安装分布

amp 1
cline 1
opencode 1
cursor 1
continue 1
kimi-cli 1

Skill 文档

Security Vulnerability Management

Overview

Use this skill to run vulnerability handling as an evidence-based lifecycle instead of ad hoc ticket triage.

Scope Boundaries

  • Vulnerabilities arrive from SAST/DAST/dependency scans, bug bounty, or manual review.
  • Teams need severity ranking, SLA targets, and remediation sequencing.
  • Fix validation and closure criteria must be standardized.

Templates And Assets

  • Vulnerability triage template:
    • assets/vulnerability-triage-template.csv

Inputs To Gather

  • Vulnerability source, technical details, and reproduction evidence.
  • Asset criticality, exploitability context, and external exposure.
  • Available mitigations, patch options, and rollout constraints.
  • Regulatory or contractual remediation time limits.

Deliverables

  • Prioritized vulnerability backlog with severity rationale.
  • Remediation plan that includes compensating controls when full fixes are delayed.
  • Verification evidence for each fixed item.
  • Metrics for aging, SLA breach risk, and recurrence patterns.

Workflow

  1. Normalize intake records and remove duplicates while preserving traceability in assets/vulnerability-triage-template.csv.
  2. Classify severity using impact, exploitability, and environment exposure.
  3. Decide remediation path: patch, configuration hardening, feature disablement, or compensating control.
  4. Assign owner and due date by severity/SLA with explicit escalation path.
  5. Validate fixes in code and runtime behavior, including regression checks.
  6. Close only after evidence confirms exploit path is removed or acceptably mitigated.
  7. Feed recurring classes back into secure coding and architecture guardrails.

Quality Standard

  • Severity and priority decisions are explainable and consistent.
  • High-risk items have rapid mitigation even before permanent fixes.
  • Closure requires objective verification evidence.
  • Program metrics expose backlog health and systemic weaknesses.

Failure Conditions

  • Stop when critical vulnerabilities have no assigned owner or mitigation path.
  • Stop when issues are closed without fix verification evidence.
  • Escalate when SLA breach risk is imminent for high-severity items.
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。