If there’s one thing I can’t stand, it’s development teams using Excel spreadsheets to keep track of their application vulnerabilities. There’s really no justification for it. Adding or modifying any new data requires locating the appropriate cells, entering or changing the information, merging cells, and formatting them. And let’s not forget: all this has to be done manually. Spreadsheets might have been great before there were any alternatives, but it’s 2020, people. If nothing else, we have far better ways to manage vulnerabilities.

Which brings me to Jira by Atlassian. Although it has all kinds of uses today (including project management), when it was created in 2003, Jira was built for tracking and managing bugs throughout the application development process. It’s still used for that today, and that’s what we’re going to talk about in this article.

Tracking security issues is an essential part of the application development process, because once the security team hands over their vulnerability reports, it’s really up to the devs to handle the vulnerabilities. How can you be sure that one recurring vulnerability is ironed out before the release tomorrow? Which vulnerability needs to be fixed more urgently than the others? Jira can help you with these problems, and streamline the vulnerability remediation process.

Here are some of the most important ways Jira can help with app development:


But Jira isn’t a foolproof defect tracking solution, and dev teams still face some teething issues when they start using it. Here are some of the biggest problems developers face:

Now, I’m not the kind of guy to tell you there’s a problem and not give you a way to solve it. And these issues with Jira are very much in the ‘solvable’ bracket.

If you didn’t already know about it, Automatic Vulnerability Correlation (AVC) is a process that takes scan results from tools and automatically organises them according to CWE number, severity levels and category. AVC platforms integrate directly with common security tools, making it possible for results to be automatically uploaded and correlated.
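The correlation step described above, as an added example that is not from the original article or from any AVC product: it normalizes constructed findings from two hypothetical scanners, merges duplicates that share a CWE and location, and orders the result by severity. The tool names, field names, file paths and the CWE-to-category mapping are assumptions made for illustration.

```python
# Constructed sample data: "sast-tool" and "dast-tool" are hypothetical scanners.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Assumed category mapping, covering only the CWEs used in the sample below.
CWE_CATEGORY = {89: "SQL Injection", 79: "Cross-Site Scripting", 798: "Hard-coded Credentials"}

RAW_FINDINGS = [
    {"tool": "sast-tool", "cwe": "CWE-89", "severity": "High", "location": "app/orders.py"},
    {"tool": "dast-tool", "cwe": "89", "severity": "CRITICAL", "location": "app/orders.py"},
    {"tool": "sast-tool", "cwe": "CWE-79", "severity": "medium", "location": "app/search.py"},
    {"tool": "sast-tool", "cwe": "CWE-798", "severity": "high", "location": "config/settings.py"},
    {"tool": "dast-tool", "cwe": "cwe-79", "severity": "Low", "location": "app/search.py"},
]

def normalize(finding):
    """Map one tool-specific record onto a common schema."""
    cwe = int(str(finding["cwe"]).upper().replace("CWE-", ""))
    severity = finding["severity"].strip().lower()
    if severity not in SEVERITY_RANK:
        severity = "info"  # unknown labels are kept but ranked lowest
    return {"cwe": cwe, "severity": severity, "location": finding["location"],
            "tool": finding["tool"], "category": CWE_CATEGORY.get(cwe, "Uncategorized")}

def correlate(raw_findings):
    """Merge findings that share CWE and location; keep the highest severity
    and record every tool that reported the issue."""
    merged = {}
    for f in map(normalize, raw_findings):
        key = (f["cwe"], f["location"])
        entry = merged.setdefault(key, {**f, "tools": set()})
        entry["tools"].add(f["tool"])
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f["severity"]
    issues = []
    for entry in merged.values():
        entry.pop("tool")  # replaced by the merged "tools" list
        entry["tools"] = sorted(entry["tools"])
        issues.append(entry)
    # Most severe first, then by CWE number, ready to be filed as tickets.
    return sorted(issues, key=lambda i: (-SEVERITY_RANK[i["severity"]], i["cwe"]))

if __name__ == "__main__":
    for issue in correlate(RAW_FINDINGS):
        print(f'CWE-{issue["cwe"]:<4} {issue["severity"]:<9} {issue["category"]:<24} '
              f'{issue["location"]}  reported by {", ".join(issue["tools"])}')
```

Five raw findings collapse into three issues, so each vulnerability would be tracked once rather than once per tool.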


Here’s how AVC can make defect tracking with Jira way more streamlined, efficient and accurate:
