Ask HN: Feedback on a Vulnerability Management Tool Idea

3 points by Shazeb 11 hours ago

Hey HN,

I’m building a vulnerability management tool to tackle the mess of tracking findings from pen tests and security scanners. The idea is to fetch results, format them consistently, and keep them updated in one dashboard. It’ll also include asset management and reporting features for org-wide visibility.

It’s not ready yet—still in development—but I’d love your input. What’s your biggest pain point with vuln management today? Anything you’d want in a tool like this? Early thoughts appreciated as I shape it!

SHITBURGER3000 11 hours ago

Pen test reports are usually delivered in narrative form, with a description of potential risks and mitigations. What are your plans for translating that into a dashboard format?

  • Shazeb 10 hours ago

    I’m a penetration tester myself, and what I’ve noticed is that on the client side, management wants high-level reports—like how many findings are open, and how many are high or medium severity. We do provide PDF reports of the pentest, but they always struggle to track the overall status of the findings.

    So, I’ve been thinking about creating a web app tracker where they can see the impact, description, severity, and mitigation recommendations.

    Also, not all penetration testing findings number in the hundreds or thousands, except for vulnerability assessments (VA). So, it might be better for a consultant to input this information for the client.