Error in severity score indicator
Incident Report for Fluid Attacks
Postmortem

Impact

An unknown number of platform users read an incorrect severity number (UTC-05 23-06-29 16:47 to 23-08-08 14:02: 1.3 days -time to recover-). The incident was proactively detected (at UTC-5 23-08-03 16:47: 1.2 days -time to detect-) by our engineering team, who noticed the inconsistency while running local automated tests and reported it [1].

Cause

An indentation bug introduced in merge [2] caused an early exit from the function that calculates the severity score of the finding, which affected the max-open-severity-score results.

Solution

We solved it by fixing the indentation of the code in a merge request [3].

Conclusion

The bug was not detected before reaching production because the tests that verified the module in charge of calculating the indicator did not cover this particular case. New tests were therefore added to cover the module correctly [4]. MISSING_TEST

Posted Sep 18, 2023 - 19:39 GMT-05:00
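
How a mis-indented `return` produces the kind of early exit described under Cause, and which test inputs expose it, as an added example that is not Fluid Attacks' code. Python, the function names, the finding fields and the sample data are all assumptions constructed for illustration.

```python
from decimal import Decimal
from itertools import permutations

# Constructed sample data, not real findings.
FINDINGS = [
    {"id": "F-1", "open": True, "severity": Decimal("3.1")},
    {"id": "F-2", "open": False, "severity": Decimal("9.8")},
    {"id": "F-3", "open": True, "severity": Decimal("7.5")},
]


def max_open_severity_buggy(findings):
    """Hypothetical 'before': the return is indented one level too deep."""
    highest = Decimal("0.0")
    for finding in findings:
        if not finding["open"]:
            continue
        highest = max(highest, finding["severity"])
        return highest  # inside the loop: exits after the first open finding
    return highest


def max_open_severity_fixed(findings):
    """Hypothetical 'after': the return runs once every finding was seen."""
    highest = Decimal("0.0")
    for finding in findings:
        if not finding["open"]:
            continue
        highest = max(highest, finding["severity"])
    return highest


def distinguishing_orderings(findings):
    """Return the orderings of `findings` on which the two versions disagree.

    A test suite that only uses inputs outside this list cannot see the bug.
    """
    return [
        [f["id"] for f in order]
        for order in permutations(findings)
        if max_open_severity_buggy(order) != max_open_severity_fixed(order)
    ]


if __name__ == "__main__":
    print("buggy:", max_open_severity_buggy(FINDINGS))
    print("fixed:", max_open_severity_fixed(FINDINGS))
    print("orderings that expose the bug:", distinguishing_orderings(FINDINGS))
```

Both versions agree whenever the first open finding is also the most severe, or when there is at most one open finding, so a regression test needs at least two open findings with the highest score not first.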

Resolved
The problem was solved and now the indicator shows the correct value.
Posted Aug 16, 2023 - 15:25 GMT-05:00

Identified
Cases have been identified in which the severity indicator shows an incorrect value.
Posted Aug 03, 2023 - 16:47 GMT-05:00
This incident affected: Web.