False Negatives
In the course of the penetration testing done by our hackers in the Squad Plan, there may be occasions where you notice an open vulnerability that they did not report; this is a false negative. When this happens, both parties must follow the protocol below so that the incident is handled with the utmost care.
- The client reports the incident over any of the available communication channels.
- The project manager suspends the billing and any pending charges with the administrative area.
- Fluid Attacks schedules a two-hour meeting with the client in less than eight office hours.
  - The account manager and an ethical hacker will attend the meeting.
- Fluid Attacks will proceed to analyze and understand the client's report.
  - If possible, Fluid Attacks will try to replicate the issue in the environments.
- Fluid Attacks schedules a weekly meeting about the postmortem status.
  - The meetings will be scheduled for 11:55 AM (GMT-5) and will last 10 minutes.
  - The first meeting will be seven days after the initial two-hour meeting.
  - The meetings will be recurring with no specified end date.
  - From the client's side, at least the reporter of the incident and their two immediate superiors will attend the meetings.
  - From Fluid Attacks' side, at least the account manager and their two immediate superiors will attend the meetings.
  - The meeting will be led by Fluid Attacks' account manager.
  - The agenda for the day will be the pending postmortem of both parties and report dates.
- Fluid Attacks gives the client the potential leak form.
  - The client fills out the potential leak form.