Hello experts,
I am new to Vulnerability, and I would like to have process information.
In our instance, we have identified examples, where the VCA was wtill in review, even when the associated remediation task(VUL) was closed and its VIT's were also closed
Is this normal behaviour? if yes then why it doesnt closes the VCA as well?
I came across post that was saying--> Vulnerability State Change Approvals (VCAs) are often used for exceptions (deferrals or false positives) rather than standard remediation. If a remediation task is closed because the vulnerability was fixed, the VCA used for an exception might not be designed to automatically close because the original request was for an exception/deferral, not a fix.
I need to provide workaround for this and I will highly appreciate the information about Higher level Process of this whole lifecycle
Thank you!
