False negatives

In the course of the penetration testing done by our hackers with the Squad plan, you may notice an open vulnerability that our hackers did not report. This is a false negative. When this happens, we will follow the protocol below with you in order to handle the incident with the utmost care.

Protocol

  1. The client reports the incident over any of the available communication channels,
  2. The Project Manager suspends the billing and any pending charges with the administrative area,
  3. Fluid Attacks schedules a 2-hour meeting with the client in less than 8 office hours,
    • The Account Manager and an Ethical Hacker will attend the meeting,
    • We will proceed to analyze and understand the client's report,
    • We will also try to replicate the issue in the environments (if possible),
  4. Fluid Attacks schedules a weekly meeting about the postmortem status,
    • Taking place from 11:55AM to 12:05PM (10 minutes),
    • The first meeting is 7 days later with no end date (recurring),
    • From the client's side at least the reporter of the incident and their two immediate superiors will attend the meetings,
    • From Fluid Attacks' side at least the Account Manager and their two immediate superiors will attend the meetings,
    • The meeting is led by Fluid Attacks' Account Manager,
    • The agenda for the day would be pending postmortem of both parties and report dates,
  5. Fluid Attacks gives the client the potential leak form.
  6. The client fills the potential leak form.