Term | Definition |
Asset | A particular location where a vulnerability could be found, such as an IP address, a web server, or a source code file. |
Business unit | A container for related data and projects. A business unit can represent a company, a department or business unit, or something as specific as an individual application or network. |
Checklist | A list of items that must be followed throughout the course of a project. |
Correlation | The association of findings belonging to a specific vulnerability to a Resolve master finding. |
CPE | Common Platform Enumeration. For more information, see https://nvd.nist.gov/products/cpe. |
CVE | Common Vulnerabilities and Exposures. For more information, see https://cve.mitre.org/. |
CVSS | Common Vulnerability Scoring System. For more information, see https://www.first.org/cvss/. |
CWE | Common Weakness Enumeration. For more information, see https://cwe.mitre.org/. |
Data source | A container for data imported from a scanning or testing tool. |
Document | A file related to a project, such as a report or scope information. |
Exploit | The act of taking advantage of a vulnerability. |
Instance | A single occurrence of a detected vulnerability on a particular asset. |
Global Instance | The first published instance in a set of duplicates. |
Duplicate Instance | An instance that has been discovered before, paired with a Global Instance. |
Finding tree | An area in a Resolve workspace that contains an organized list of findings. |
Correlation reference | A construct used by Resolve to link a finding to a master finding. |
Finding | A container for instances belonging to a particular combination of asset and master finding. |
Manual instance | An instance created manually instead of automatically imported from scan data. |
Master finding | A generic vulnerability write-up that crosses all workspaces, projects, and organizations. A master finding contains all of the relevant information about a vulnerability without being specific to any asset or environment. |
Master finding variation | A component of a master finding that determines the information associated with a finding, such as the vulnerability description, business impact, instructions, and references. |
NIST | National Institute of Standards and Technology. For more information, see https://www.nist.gov/. |
NVD | National Vulnerability Database. For more information, see https://nvd.nist.gov/. |
Project | A container for data and information related to penetration tests and vulnerability scans. This includes data sources, assets, checklists, documents, and workspaces. |
OWASP | Open Web Application Security Project. For more information, see https://www.owasp.org. |
Questionnaire | A list of questions used to identify key information about the project, such as what needs to be scanned or tested. |
Risk | The potential loss or damage resulting from a vulnerability being exploited. |
Threat | The intent to cause harm or damage to an asset. |
Validation | A confirmation of a vulnerability fix. |
Variation | See Master finding variation. |
Verification | Evidence that a vulnerability exists on an asset as described by a reported instance. |
Vulnerability | A security flaw found on an asset. |
Workspace | A data container to review, manage, and update findings. |