Error in severity score indicator
Incident Report for Fluid Attacks


An unknown number of platform users read an incorrect severity number (UTC-05 23-06-29 16:47 to 23-08-08 14:02: 1.3 days -time to recover-). Our engineering team proactively detected the incident (at UTC-5 23-08-03 16:47: 1.2 days -time to detect-) when they noticed the inconsistency while running local automated tests, and reported it [1].


An indentation bug introduced in merge [2] caused an early exit from the function that calculates the severity score of the finding, which affected the max-open-severity-score results.


We solved it by fixing the indentation of the code in a merge request [3].


The bug was not detected before reaching production because the tests that verified the module in charge of calculating the indicator did not cover this particular case. New tests that cover the module correctly were therefore added [4]. MISSING_TEST

Posted Sep 18, 2023 - 19:39 GMT-05:00
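
The class of bug described above, as an added illustration that is not code from the Fluid Attacks platform: a mis-indented `return` leaves the loop after the first open item, and only an input whose highest open score is not first exposes it. The function names, the record layout and the sample scores are all assumptions constructed for this example.

```python
# Hypothetical reconstruction of the bug class; not the platform's code.

def max_open_severity_buggy(vulns):
    """Mis-indented return: exits after the first open vulnerability."""
    highest = 0.0
    for vuln in vulns:
        if vuln["state"] != "open":
            continue
        if vuln["score"] > highest:
            highest = vuln["score"]
        return highest  # one level too deep: early exit inside the loop
    return highest


def max_open_severity_fixed(vulns):
    """Return placed after the loop, so every open item is considered."""
    highest = 0.0
    for vuln in vulns:
        if vuln["state"] != "open":
            continue
        if vuln["score"] > highest:
            highest = vuln["score"]
    return highest


# Constructed test inputs (scores and states are made up).
CASES = {
    "single_open": [{"score": 5.0, "state": "open"}],
    "highest_first": [{"score": 9.1, "state": "open"},
                      {"score": 4.0, "state": "open"}],
    "highest_last": [{"score": 4.0, "state": "open"},
                     {"score": 9.8, "state": "closed"},
                     {"score": 7.5, "state": "open"}],
    "all_closed": [{"score": 6.0, "state": "closed"}],
}


def distinguishing_cases(cases):
    """Names of the cases on which the buggy and fixed versions disagree."""
    return [name for name, vulns in cases.items()
            if max_open_severity_buggy(vulns) != max_open_severity_fixed(vulns)]


if __name__ == "__main__":
    print("cases that catch the bug:", distinguishing_cases(CASES))
```

A suite containing only the first two cases and the last one passes against both versions, which is how a gap of this kind can reach production.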

The problem was solved and now the indicator shows the correct value.
Posted Aug 16, 2023 - 15:25 GMT-05:00
Cases have been identified in which the severity indicator shows an incorrect value.
Posted Aug 03, 2023 - 16:47 GMT-05:00
This incident affected: Web.