Mark detected CVEs as false positive

The current update provides an option to mark a CVE as a false positive. Sometimes your vendor issues a patch that fixes the security problem but does not change the version number. This is known to happen with OpenSSH in some LTS linux distros. Up until now, if this happened to you, you were stuck with a CVE in your reports that should not be there.

Since the last update, you can go to the asset page, click the CVE, and mark it as a false positive in the dialog that pops up. You can also add a reason why it's a false positive (which is a good idea, you really should do this).

The menu on the left hand side now has a "Vulnerabilities" item. It has a submenu with your current vulnerabilities, an overview of all new vulnerabilities known in ShadowTrackr, a list of your false positives, and and overview of al CISA's Known Exploited Vulnerabilities (KEV). You can delete false positives from the overview in this submenu.

This is the first step in improving the vulnerabilities overview. The goal is to provide you a better overview of where your risks are and what your next steps should be. There are more improvements in the pipeline.