When you are reporting a vulnerability but there aren't any other ones of the same type, then you would need to create a new type of vulnerability for the group. In order to do this you can use the functionality for creating new drafts
This is inside the Draft tab of the group, where you can click on the button New for a pop-up to emerge, requesting the title of the finding
The title will be automatically filled out with the finding's name when you enter text in the field and when you click on the “Proceed” button, a new draft will appear with some fields filled out, based on the standardization sheet of the finding. The newly created draft will appear in the draft table and you can click on it to begin filling out all the information needed to properly submit its creation.
Only the author of the draft can submit it and make changes to a non-submitted draft, and you cannot submit a draft until it has both severity and vulnerabilities. However even if your draft has severity and vulnerabilities, it will surely not be accepted by the reviewers if you submit it in such a state. A draft properly filled out for submission has:
- Location of all the vulnerabilities
- Description of the type of vulnerability
- The severity score
- Evidence of the existing vulnerabilities
- And lastly a record of all the sensitive information discovered, if applicable.
We will go over each of these in order across subsequent articles.
When creating a new type of vulnerability you need to specify the location of the vulnerability or vulnerabilities that prompted you to create it. In order to do this you need to follow the same steps as when you are reporting new vulnerabilities in an existing type of vulnerability, which is described in this link.