Chapter 13: Scoring and Reporting Your Vulnerabilities

Now that you have managed to find a lot of problems in your target system, how do you give a score to them and present them to your client? And even more importantly, how do you actually explain the vulnerabilities so it makes sense to your client (both business- and risk-management-wise)?

The most important aspects of scoring and reporting are the following:

Be consistent (in scoring and format)
Be clear
Separate the information based on the audience
Use a scoring system that is formally agreed on by the client
If they want to adjust the scoring of a vulnerability, they own their risk but this change must leave a written trace
All the vulnerabilities must be discussed with the client. ...

Get Practical Hardware Pentesting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Hardware Pentesting by Jean-Georges Valle

Chapter 13: Scoring and Reporting Your Vulnerabilities

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly