Security Vulnerability Management

Overview

Use this skill to run vulnerability handling as an evidence-based lifecycle instead of ad hoc ticket triage.

Scope Boundaries

  • Vulnerabilities arrive from SAST/DAST/dependency scans, bug bounty, or manual review.
  • Teams need severity ranking, SLA targets, and remediation sequencing.
  • Fix validation and closure criteria must be standardized.

Templates And Assets

  • Vulnerability triage template:
    • assets/vulnerability-triage-template.csv

Inputs To Gather

  • Vulnerability source, technical details, and reproduction evidence.
  • Asset criticality, exploitability context, and external exposure.
  • Available mitigations, patch options, and rollout constraints.
  • Regulatory or contractual remediation time limits.

Deliverables

  • Prioritized vulnerability backlog with severity rationale.
  • Remediation plan that includes compensating controls when full fixes are delayed.
  • Verification evidence for each fixed item.
  • Metrics for aging, SLA breach risk, and recurrence patterns.

Workflow

  1. Normalize intake records and remove duplicates while preserving traceability in assets/vulnerability-triage-template.csv.
  2. Classify severity using impact, exploitability, and environment exposure.
  3. Decide remediation path: patch, configuration hardening, feature disablement, or compensating control.
  4. Assign owner and due date by severity/SLA with explicit escalation path.
  5. Validate fixes in code and runtime behavior, including regression checks.
  6. Close only after evidence confirms the exploit path is removed or acceptably mitigated.
  7. Feed recurring classes back into secure coding and architecture guardrails.
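A minimal script implementing workflow steps 1 to 4 together with the checks listed under Failure Conditions, added here as an illustration rather than anything shipped with this skill. The CSV columns, the additive severity scheme and the SLA day counts are assumptions, since the triage template itself is not shown on this page.

```python
import csv
import io
from datetime import date, timedelta

# Constructed intake sample; columns are assumed, not those of the real triage template.
SAMPLE = """id,source,fingerprint,asset_criticality,exploitability,exposure,owner,status,evidence,reported
V-1,sast,sqli:orders/api.py:88,high,high,external,,open,,2026-03-01
V-2,dast,sqli:orders/api.py:88,high,high,external,,open,,2026-03-02
V-3,dependency,dep:lib-x@1.2,low,medium,internal,alice,fixed,pr-12 regression run passed,2026-02-20
V-4,bounty,xss:profile/bio,medium,high,external,bob,closed,,2026-02-25
"""
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}  # assumed SLA policy
LEVEL = {"low": 1, "medium": 2, "high": 3}

def normalize(text):
    """Step 1: merge rows with the same fingerprint, keeping merged ids for traceability."""
    merged = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = row["fingerprint"]
        if key in merged:
            merged[key]["duplicates"].append(row["id"])
        else:
            row["duplicates"] = []
            merged[key] = row
    return list(merged.values())

def classify(row):
    """Step 2: assumed additive scheme over impact proxy, exploitability and exposure."""
    score = LEVEL[row["asset_criticality"]] + LEVEL[row["exploitability"]]
    score += 1 if row["exposure"] == "external" else 0
    return "critical" if score >= 7 else "high" if score >= 5 else "medium" if score >= 3 else "low"

def triage(text, today):
    """Steps 2-4: severity, SLA due date, and the Failure Conditions as stop/escalate findings."""
    findings = []
    rows = normalize(text)
    for row in rows:
        sev = row["severity"] = classify(row)
        due = date.fromisoformat(row["reported"]) + timedelta(days=SLA_DAYS[sev])
        row["due"] = due.isoformat()
        if sev == "critical" and not row["owner"]:  # owner only; mitigation path is not a column here
            findings.append(f"STOP {row['id']}: critical with no assigned owner")
        if row["status"] in ("fixed", "closed") and not row["evidence"]:
            findings.append(f"STOP {row['id']}: closed without verification evidence")
        if sev in ("critical", "high") and row["status"] == "open" and (due - today).days <= 3:
            findings.append(f"ESCALATE {row['id']}: SLA due {due} is imminent")
    return rows, findings
```

Running `triage(SAMPLE, date(2026, 3, 5))` merges V-2 into V-1, rates V-1 critical, V-3 medium and V-4 high, and raises two stop findings plus one escalation.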

Quality Standard

  • Severity and priority decisions are explainable and consistent.
  • High-risk items have rapid mitigation even before permanent fixes.
  • Closure requires objective verification evidence.
  • Program metrics expose backlog health and systemic weaknesses.

Failure Conditions

  • Stop when critical vulnerabilities have no assigned owner or mitigation path.
  • Stop when issues are closed without fix verification evidence.
  • Escalate when SLA breach risk is imminent for high-severity items.
First Seen: Feb 28, 2026