Error in severity score indicator
Incident Report for Fluid Attacks
Postmortem

Impact

An unknown number of platform users read an incorrect severity number. The issue started on UTC-5 23-06-29 16:47 and was proactively discovered 1.1 months (TTD) later by our engineering team, who noticed the inconsistency while running local automated tests and reported it [1]. The problem was resolved in 4.8 days (TTF), resulting in a total impact of 1.3 months (TTR).

Cause

An indentation bug introduced in merge [2] caused an early exit from the function that calculates the severity score of the finding, which made the max-open-severity-score results incorrect.

Solution

We solved it by fixing the indentation of the code in a merge request [3].

Conclusion

The bug was not detected before reaching production because the tests that verified the module in charge of calculating the indicator did not cover this particular case; therefore, new tests that covered the module correctly were added [4]. MISSING_TEST
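The sketch below is an added illustration, not the platform's code: it shows how a `return` indented one level too deep produces the early exit described under Cause, and which test input exposes it. The `Vulnerability` model, the function names and all sample values are hypothetical and constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:  # hypothetical model, not the platform's schema
    state: str        # "open" or "closed"
    severity: float   # CVSS-style score, 0.0 to 10.0

def max_open_severity_buggy(vulns):
    """Mis-indented form: the return sits inside the loop body."""
    highest = 0.0
    for vuln in vulns:
        if vuln.state != "open":
            continue
        highest = max(highest, vuln.severity)
        return highest  # one level too deep: exits after the first open item
    return highest

def max_open_severity(vulns):
    """Corrected form: the return runs only after every item is examined."""
    highest = 0.0
    for vuln in vulns:
        if vuln.state != "open":
            continue
        highest = max(highest, vuln.severity)
    return highest

# Constructed sample data. A suite that only uses inputs like "single" or
# "highest_first" passes against both versions and never sees the bug.
HIGHEST_LAST = [
    Vulnerability("closed", 9.8),
    Vulnerability("open", 3.1),
    Vulnerability("open", 8.6),
]
CASES = {
    "single": [Vulnerability("open", 7.5)],
    "highest_first": [Vulnerability("open", 9.1), Vulnerability("open", 4.0)],
    "highest_last": HIGHEST_LAST,
    "none_open": [Vulnerability("closed", 9.8)],
}

def disagreements(cases):
    """Return the names of the cases where the two versions differ."""
    return [name for name, vulns in cases.items()
            if max_open_severity_buggy(vulns) != max_open_severity(vulns)]

if __name__ == "__main__":
    print(disagreements(CASES))
```

Only the case whose highest open score is not the first open item separates the two versions, which is the kind of input a regression test for this indicator needs to include.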

Posted Sep 18, 2023 - 19:39 GMT-05:00

Resolved
The problem was solved and now the indicator shows the correct value.
Posted Aug 16, 2023 - 15:25 GMT-05:00
Identified
Cases have been identified in which the severity indicator shows an incorrect value.
Posted Aug 03, 2023 - 16:47 GMT-05:00
This incident affected: Web.