Evidence Checklist

Collect the proof needed before a vulnerability becomes work.

Use this checklist between discovery and action. It helps separate confirmed exposure from noisy signal, and gives teams a shared evidence standard for patching, mitigation, detection, and escalation.

Evidence standard: a good handoff names the affected asset or product, affected version, exposure path, source confidence, remediation path, owner, deadline, and validation evidence. If those are missing, choose Validate Exposure before Patch Now.

Version Validation False Positives Not-Affected Evidence Remediation Evidence Decision Matrix

Evidence Sets

What to collect for each defender decision

Open Decision Matrix

Quality Gates

How to know whether evidence is ready for action

Evidence Templates

Copy-ready validation notes for tickets and briefings

Recommended use: gather evidence first, choose an action lane in Decision Matrix, then use Handoff Center or Playbooks for the final message.

Decision Matrix Version Validation False Positives Remediation Evidence Handoff Center Playbooks