Support for CWE and CAPEC Classifications
The classification of findings has been reworked. MITRE Common Weakness Enumeration (CWE), MITRE Common Attack Pattern Enumeration and Classification (CAPEC), and Bugcrowd Vulnerability Rating Taxonomy are currently supported. For MITRE-based classifications, it is possible to examine the entries by using views.
The classification systems used can be set for each assessment, and the default classification systems for new assessments can be set from the settings page. Classifications have been added to finding templates where available.
Other new and improved features
- Researcher panel buttons have been reworked.
- Sections that contain caution tags are displayed with an icon in the researcher panel.
- The action-required tooltips in the researcher panel have been improved.
- Docker image is now based on Debian Bullseye.
- Snippets for OWASP and CVSS risk assessment sections are now seeded and included in the relevant sections of seeded assessment types and assessments.
- Blocking and deleting of users has been improved.
- Fixed a bug where the copy markdown button didn't work after editing a markdown field.
- Fixed caution tags in retests check.
- Added existence checks for broadcasting. Loading broadcast channels no longer crashes in the rare case where a model has been deleted or access has been revoked.
- Copy tags are now removed from the PDF instead of being shown as "[copy][/copy]" in reports.