This task begins with identifying all of the stakeholders, and the type of information that each needs. For example, a Chief Security
Officer would be interested in knowing the security risk associated with the discovered vulnerabilities. A Compliance
Officer would be interested to know how the discovered security issues affect your organization's compliance with
particular government or industry standards. Developers would need to know the technical details about the discovered
vulnerabilities and, if possible, the steps they need to take to fix them.
Once you have all of the reports ready, you should present them to the different stakeholders.