Chapter 13: Scoring and Reporting Your Vulnerabilities

Now that you have managed to find a lot of problems in your target system, how do you give a score to them and present them to your client? And even more importantly, how do you actually explain the vulnerabilities so it makes sense to your client (both business- and risk-management-wise)?

The most important aspects of scoring and reporting are the following:

  • Be consistent (in scoring and format)
  • Be clear
  • Separate the information based on the audience
  • Use a scoring system that is formally agreed on by the client
  • If they want to adjust the scoring of a vulnerability, they own their risk, but this change must leave a written trace
  • All the vulnerabilities must be discussed with the client. ...
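A minimal findings record that enforces the points above (one agreed scale, rejection of scores outside it, a written trace for every client re-scoring, and separate views per audience), written here as an added example rather than code from the book; the scale bands, field names and the sample finding are assumptions.

```python
from dataclasses import dataclass, field

# Constructed example: severity bands that would be agreed with the client in writing
# before any scoring starts. The names and thresholds are assumptions, not a standard.
AGREED_SCALE = [("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.0)]

def severity_for(score: float) -> str:
    """Map a numeric score onto the agreed scale; refuse anything outside it."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score {score} is outside the agreed 0-10 scale")
    for name, lower_bound in AGREED_SCALE:
        if score >= lower_bound:
            return name
    raise AssertionError("unreachable: scale must cover 0.0")

@dataclass
class Finding:
    ident: str
    title: str
    score: float
    technical_detail: str          # for the engineering audience
    business_impact: str           # for the management audience
    history: list = field(default_factory=list)  # every score change, who and why

    def __post_init__(self):
        self.severity = severity_for(self.score)
        self.history.append(("tester", self.score, "initial scoring"))

    def client_adjust(self, new_score: float, who: str, reason: str) -> None:
        """The client may re-score a finding (they own the risk), but never silently."""
        if not reason.strip():
            raise ValueError("a client adjustment must carry a written justification")
        self.severity = severity_for(new_score)   # still bound to the agreed scale
        self.score = new_score
        self.history.append((who, new_score, reason))

def executive_view(findings):
    """Management view: identifier, severity and business impact, highest first."""
    ordered = sorted(findings, key=lambda f: f.score, reverse=True)
    return [(f.ident, f.severity, f.business_impact) for f in ordered]

def technical_view(findings):
    """Engineering view: adds the numeric score and the technical detail."""
    ordered = sorted(findings, key=lambda f: f.score, reverse=True)
    return [(f.ident, f.severity, f.score, f.technical_detail) for f in ordered]
```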
