Which is eligible place in servicenow for onboarding responsible disclosures.

prasanna11 · ‎08-21-2024

We are looking to onboard responsible disclosures to be created as a request in servicenow. Which is the right place to put this in servicenow.

Can it be put into vulnerability management app. OR security incident request table (sn_si_request) ? If anyone has onboarded responsible disclosures into servicenow, please share your expertise.

#vulnerability #security #sir

Mark Manders · ‎08-21-2024

I haven't done it before, but it sounds more like vulnerability management than a real security incident, depending on your business of course.

To let people tell you, you have a possible issue does not (yet) belong in a security incident (when the vulnerability is exploited).

An 'if you don't close that gap in your code, I could steal all your money' is a little bit different than 'thanks for having this whole in you code, I now have all your money'.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark