PMAP field notes

Field notes on running vulnerability management

Practical writeups on scan orchestration, finding correlation and remediation lifecycle, published by the practitioners who run vulnerability management on the platform, not by a marketing desk.

Practitioner-authored
Multi-vendor grounded
Triage to closure

Vulnerability Management February 24, 2026

Planning a Pentest Project With Multiple Firms

Scope a pentest engagement across multiple firms with roles, man-day budgets and a wave timeline. See how PMAP governs multi-firm projects.

By PMAP Security Team Read post
Vulnerability Management February 23, 2026

Comparison Analytics: Company, Project, Scan and Year-Over-Year

Benchmark companies, projects and scans side-by-side, track year-over-year trends and diff two reports. See how PMAP measures the gap.

By PMAP Security Team Read post
Vulnerability Management February 21, 2026

Configurable Dashboards: A Widget Canvas for Every Role

Build per-user dashboards from 8 widget types with saved layouts, scoped filters and a default landing view. See how PMAP fits every role.

By PMAP Security Team Read post
Vulnerability Management February 19, 2026

KPIs and SLA Dashboards Executives Actually Read

Pick the KPIs that prove vulnerability progress: open and critical counts, SLA breach rate, MTTR and risk rankings. See how PMAP reports them.

By PMAP Security Team Read post
Vulnerability Management February 18, 2026

Mapping Findings to MITRE ATT&CK Techniques

Tag findings with ATT&CK techniques via a typeahead picker and auto-backfill from templates for coverage heatmaps. See how PMAP maps ATT&CK.

By PMAP Security Team Read post
Vulnerability Management February 16, 2026

A Bilingual Remediation Solution Library Your Team Reuses

Centralise fix guidance in a CVE-keyed, bilingual remediation library ordered by CVSS so the right playbook surfaces first. See how PMAP reuses it.

By PMAP Security Team Read post
Vulnerability Management February 15, 2026

Framework Agreements and Man-Day Budget Control

Track contracted man-days against linked projects with auto-recalculated usage and a capacity gauge. See how PMAP controls man-day budgets.

By PMAP Security Team Read post
Vulnerability Management February 13, 2026

Four-Eyes Approvals for Sensitive Finding Changes

Stop unilateral risk acceptance. Require a second reviewer for accepted-risk, false-positive and closed changes, with a full approval trail. See PMAP.

By PMAP Security Team Read post
Vulnerability Management February 12, 2026

Evidence and Re-testing: Proving a Finding Is Actually Fixed

Close findings on proof, not promises. Capture structured evidence, view SAST and SCA artefacts, and run analyst or vendor re-tests. See how in PMAP.

By PMAP Security Team Read post