CVSS 3.1 Scoring System
Version 3.1 of the Common Vulnerability Scoring System (CVSS) is now supported in addition to the OWASP Risk Rating methodology.
When starting a new assessment, you can choose which scoring system to use. You can build a CVSS metric string by using the buttons, or paste an existing CVSS metric string, which sets the state of the buttons. CVSS can be set as the default scoring system via the global settings.
Assessment access control improvements
- Better support for the assessment manager role. The assessment manager is displayed on the assessment page.
- Separated team access and client access into separate tabs.
- It is possible to specify which clients receive notifications from the "Client Access" tab. Clients with notifications disabled do not receive notifications about finding events unless they were directly tagged.
- Under the tab "Status and Phases" the button "Autofill users" has a new option to autofill based on current permissions. Researchers who can review findings or retests are assigned as a reviewer. Anyone who can create findings or retests is assigned as a researcher if not already assigned as a reviewer.
- Removed permissions "show as researcher", "show as client", "publish on report as researcher", and "comment as researcher". These are now handled based on the new options.
- The global findings search has been improved. Search for the (partial) name of a target and filter by assessment type, author, and target.
- Caching of assessment users for performance improvements.
- The researcher panel search terms would sometimes reappear.