Gain granular visibility into security technical debt: AppSec Admins need a clear, detailed picture of their security technical debt. This means being able to see the number of issues classified as backlog and new per repository and branch within a Cortex Cloud Application Security dashboard. This granular view allows managers to understand the full scope of their technical debt and identify areas where new vulnerabilities are still being introduced (bleeding).
Monitor and optimize security program performance: To effectively manage security initiatives, AppSec Admins require a way to track the trend of backlog and new issues over time, both in total and broken down by each scanner (IaC, Secret, Vulnerability, SAST). Displaying this trend data in a dashboard widget helps you understand the pace of issue resolution across teams and pinpoint areas that may require escalation or additional resources.
Streamline prioritization and remediation by scanner: Cortex Cloud Application Security practitioners, development managers, and business owners need to efficiently prioritize and act on security findings. This is achieved by seeing, for each scanner, which issues are classified as backlog and new. This scanner-specific view allows for targeted remediation efforts, ensuring teams can focus on the most relevant and impactful issues based on their origin and status.
Implement differentiated security policies: To ensure the system accurately reflects an organization's specific context, it must allow for customizable issue classification. This includes defining a historical cutoff date for when issues in existing repositories are considered backlog and new, and setting parameters such as treating new vulnerabilities discovered on existing Software Bill of Materials (SBOMs) as new issues. This flexibility ensures the backlog/new distinction is meaningful and actionable for all stakeholders.