SAST vs DAST vs SCA: Which Scan and When
SAST, DAST and SCA explained side by side: what each scan finds, their trade-offs and when to use them across the SDLC. A clear comparison.
PMAP field notes
Practical writeups on scan orchestration, finding correlation and remediation lifecycle, published by the practitioners who run vulnerability management on the platform, not by a marketing desk.
What is an asset risk score and how is it calculated? Learn how severity, criticality and exposure combine to rank assets by risk.
What is a remediation SLA in vulnerability management? Learn how severity-based deadlines, breaches and escalation work in plain terms.
What is vulnerability deduplication and why does it matter? Learn how duplicate findings happen and how teams collapse them into one.
Learn what MITRE ATT&CK is, how tactics and techniques work and why vulnerability teams map findings to it. A clear framework explainer.
Understand what a CVSS score means, how base scores and vectors work and how to read severity ratings. A practitioner-friendly CVSS explainer.
How PMAP reconciles CMDB, scanner and network-discovery assets into one inventory with diff-based sync and source precedence. See the asset-sync model.
How PMAP keeps a platform-global catalog of security tools by category, vendor and tag, then links them to findings. See the tool catalog model.
How to choose vulnerability scanners across VM, DAST, SAST and SCA without lock-in. A buyer's view of the multi-vendor catalog, normalized in one console.