Issues with Zero Risk requests
Incident Report for Fluid Attacks
Postmortem

Impact

At least one staff member encountered issues requesting Zero Risk for certain vulnerabilities. The issue started on UTC-5 24-02-16 17:43 and was proactively discovered 5.5 months (TTD) later by a staff member, who reported through our help desk [1] that it was not possible to request Zero Risk for the vulnerabilities. The problem was resolved in 2 days (TTF), resulting in a total impact of 5.5 months (TTR) [2].

Cause

The issue occurred with the modal used to update how vulnerabilities are treated. The system mistakenly validated inputs irrelevant to the Zero Risk option and failed to validate some inputs related to the ON_PROGRESS treatment properly. Because these inputs were not displayed, users could not see the errors, which prevented the information from being sent to the backend [3][4].

Solution

The fix required enhancing form validation and simplifying component interfaces for better usability. The validation logic was optimized for handling different treatment statuses, and Formik was integrated into the modal [5][6].

Conclusion

It is essential to add test cases that verify the ability to request updates for vulnerability treatments across all options. Enhancing test coverage in this area will help ensure the system functions correctly and reliably for every treatment type.

INCOMPLETE_PERSPECTIVE < MISSING_TEST
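
The failure class described under Cause and the per-option check called for in the Conclusion, as an added example that is not the platform's own code. Field names, rules, the ACCEPTED option and the REQUEST_ZERO_RISK key are hypothetical; only ON_PROGRESS and the Zero Risk option come from the report.

```javascript
// Fields each treatment renders in the modal. Hypothetical names; only
// ON_PROGRESS and the Zero Risk option are named in the report.
const FIELDS_BY_TREATMENT = {
  ON_PROGRESS: ["justification", "assigned"],
  ACCEPTED: ["justification", "acceptanceDate"],
  REQUEST_ZERO_RISK: ["justification"],
};
// Per-field rules (assumed): return an error message, or null when valid.
const RULES = {
  justification: (v) => (v && v.trim().length >= 10 ? null : "Min 10 characters"),
  assigned: (v) => (v && v.includes("@") ? null : "Assignee e-mail required"),
  acceptanceDate: (v) => (v && !Number.isNaN(Date.parse(v)) ? null : "Valid date required"),
};
// Runs the rules for the given fields and returns a { field: message } object.
function runRules(fields, values) {
  const errors = {};
  for (const field of fields) {
    const message = RULES[field](values[field]);
    if (message) errors[field] = message;
  }
  return errors;
}
// Failure class from the report: every rule runs whatever treatment is selected.
const validateAllFields = (values) => runRules(Object.keys(RULES), values);
// Scoped form: only the fields rendered for the selected treatment are validated.
function validateForTreatment(values) {
  const fields = FIELDS_BY_TREATMENT[values.treatment];
  return fields ? runRules(fields, values) : { treatment: "Unknown treatment" };
}
// Errors on fields the modal does not render: the user can neither see nor fix them.
function hiddenErrors(values, errors) {
  const visible = new Set(FIELDS_BY_TREATMENT[values.treatment] || []);
  return Object.keys(errors).filter((f) => f !== "treatment" && !visible.has(f));
}
// Constructed sample submissions, one valid form per treatment option.
const SAMPLES = [
  { treatment: "ON_PROGRESS", justification: "Fix scheduled for next sprint", assigned: "dev@example.com" },
  { treatment: "ACCEPTED", justification: "Risk accepted by the owner", acceptanceDate: "2024-12-31" },
  { treatment: "REQUEST_ZERO_RISK", justification: "Not exploitable in this deployment" },
];
// Regression check in the spirit of the conclusion: which options can be submitted?
function submittableTreatments(validate) {
  return SAMPLES.filter((s) => Object.keys(validate(s)).length === 0).map((s) => s.treatment);
}
console.log(submittableTreatments(validateAllFields), submittableTreatments(validateForTreatment));
```

A non-empty result from hiddenErrors is the condition worth failing a test on: the submission is blocked by an error the user has no way to see.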

Posted Aug 05, 2024 - 09:05 GMT-05:00

Resolved
The incident has been resolved, and it is now possible to request Zero Risk as usual.
Posted Aug 02, 2024 - 15:11 GMT-05:00
Identified
Issues have been detected that prevent users from requesting Zero Risk for vulnerabilities.
Posted Aug 01, 2024 - 15:35 GMT-05:00
This incident affected: Platform.