 Overview
Vulnerability intelligence submitted via reports from customers or partners will be prioritized and treated with high priority. Reports will be assessed and verified with existing architecture. If in case needed, a Proof of Concept is performed to understand the mitigation or remediation strategy to prevent the execution or propagation of the vulnerability.
Vulnerability incident is raised if an existing vulnerability identified by monitoring or reported through intelligence report is executed to attempt to exploit it. Incidents should be prioritized with high priority and should be addressed immediately to prevent the propagation and mitigate or lessen the impact to the business.
 Vulnerability Reporting
The reports should be submitted via email to jameskarlo.baylon@advancegroup.com. Handling of incidents and intelligence reports will follow vulnerability management process.
Crisis
Reported vulnerabilities with CVSS score of 9-10 should be raised to vulnerability response playbook.