Hi,
we recently came across requirements regarding Technical Dept, for which we are not sure how to utilize the TPM/TRM to take care of them.
1.) How can technical dept, that is not related to the lifecycle, but instead shortcuts taken during development/customization be represented?
2.) Can we import information regarding vulnerabilities for applications, maybe via the SecOps module, and where/how would that be represented?
3.) Can we import information regarding vulnerabilities for homegrown applications or open-source applications and how would that be represented?
Thanks for any input!
