Use examples as patterns, not proof: replace placeholders with source links, owner names, dates, asset scope, telemetry scope, scanner context, and review triggers before copying any language into tickets or briefings.
Evidence Library
Examples for proving, closing, and communicating vulnerability work.
Use this library when the next question is not which page to open, but what proof is good enough for affected status, priority, remediation, SOC review, vendor follow-up, or leadership language.
Evidence Paths
Choose the example by the decision you need to defend
Applicability
Affected or not affected?
Use version, feature, platform, reachability, backport, and owner proof before assigning or closing work.
Priority
What should move first?
Combine exploitation, exposure, business context, patch state, operational safety, and evidence quality.
Closure
Is remediation proof good enough?
Compare scanner retests, owner evidence, change records, compensating controls, SOC checks, and exceptions.
Handoff
Who needs to act?
Choose patch, SOC, asset owner, vendor, risk, or leadership language based on the evidence and decision lane.
Vendor
What is unclear?
Use vendor escalation examples when affected ranges, fixed versions, mitigations, support status, or cloud responsibility are ambiguous.
Communication
What can we safely say?
Use executive, SOC, patch owner, and weekly review examples without claiming local exposure or compromise too early.
Copy Pattern
Evidence note shell
Validation note
Source: [advisory/scanner/detail]. Asset scope: [system/group]. Installed evidence: [version/config/feature]. Exposure evidence: [network/auth/reachability]. Caveat: [what is still unknown]. Next action: [owner ask and review date].
Closure note
Closure state: [patched/mitigated/not affected/accepted]. Proof: [change record, retest, owner artifact, control evidence, SOC check]. Weakness: [scanner-only, owner-only, stale proof, missing telemetry]. Review trigger: [new advisory, retest, patch, exception expiry].
Leadership note
Status: [validating/action/blocked/closed]. Decision needed: [approve window/accept risk/escalate vendor]. Evidence boundary: [what this proves]. Caveat: [what it does not prove]. Next update: [date or event].
Recommended route: start with Evidence Checklist, use this library for examples, then choose the decision, handoff, or closure page that matches the proof.