Select a component to see open bugs in that component:
Bugs related to the operations security (OpSec) team. These include server/network related security issues. (more info).
Used whenever a security breach, data leak, or event occurs that requires incident response.
Think you might have a security incident but need help figuring it out? Leaked passwords but don't know if they've been used? It goes here. If attack is in progress or data has been leaked and used/seen by third parties, use the Incident component instead.
The Rapid Risk (Impact) Assessment (also called Rapid Risk Analysis) is a 30 minutes or less discussion about the potential risks of a project. The RRA is high level and lightweight.
Risk recorded during a risk analysis. These entries represent the risks and recommendations made. Tracking of remediations, acceptance of risk ("wontfix"), or discussion is done here.
A semi-automated point-in-time vulnerability assessment conducted by a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope.