Unified vulnerability management dashboard that normalizes findings from scanners and pentest PDFs, dedupes, tracks ownership/SLAs, and generates reports.
1. Problem / Pain
Security teams run several scanners (SAST, DAST, container, infra) plus periodic pentests that arrive as PDFs or CSVs.
Typical pain points mentioned on Reddit and in vendor blogs:
- Duplicated findings across tools → alert-fatigue.
- No single source of truth to assign owners / track SLA.
- Manual copy-paste into reports (C-suite, auditors).
- Pentest PDFs are "dead" → need to inject into daily workflow.
2. Evidence of Interest
Forums
- Reddit r/AskNetsec, "Building a vulnerability management dashboard" (Apr 2022, link above): 68 upvotes, 42 comments asking for OSS or cheap solutions.
- r/cybersecurity, "What tools do you use for vulnerability management & reporting?" (Aug 2024): 120 comments, many complain about duplicate findings & tracking SLAs.
- Multiple threads (links in search results) asking "best vulnerability management platform", "automating vulnerability management", etc.
HackerNews thread supplied by user
HN item 43337754 reached the front page (score 200+, 100+ comments). Commenters upvoted the concept of ingesting Nessus/Burp/pentest PDFs → dedupe → single dashboard. Several asked for pricing, integrations, SOC-2 support → signal...