Issue Quality Workflow
Turn Every Security Engagement Into a Structured, AI-Validated Intelligence Event
OSM's Issue Quality Workflow (Blue) makes all security testing repeatable, measurable, and fully documented — eliminating 93% of false positives before findings reach your team.
The 4 Stages of the Issue Quality Workflow (Blue)
Each stage produces structured, evidence-backed security intelligence fed into the OSM Brain.
Stage 01
Governance & Scope
Define scope using OSM Guideline Types. Compliance categories auto-map to OWASP, PCI DSS, ISO 27001, and NIS2. Security Context pillar stores all definitions.
OSM Guidelines · Scope Control · Compliance Mapping
Stage 02
OSM Brain AI Validation
The OSM Brain cross-references findings against the Vulnerability DB Wizard (26,247+ CVEs) and Exploit DB Wizard (46,769+ exploits). Real Risk Scores are assigned.
26,247 CVEs · 46,769 Exploits · Real Risk Score
Stage 03
False Positive Filtering
The AI Assistance Wizard's automated filtering achieves 93% noise reduction. Only findings meeting validation thresholds for exploitation and criticality proceed.
93% Noise Reduction · AI Wizards · Asset Context
Stage 04
Structured Issue Generation
Every validated finding becomes a structured OSM Issue: compliance-mapped, remediation-planned, asset-contexted — ready for the Issue Resolution Workflow.
Compliance Mapped · Remediation Plan · OSM Issue Format
What a Validated OSM Issue Looks Like
Every finding exits the Issue Quality Workflow as a structured, AI-enriched record.
Executive Summary
RCE on production web server. Exploit DB Wizard confirms active attack patterns. Realtime Risk Data pillar shows active exploitation in the wild. SLA escalation initiated in Issue Resolution Workflow.
Data Pillars
Security Data → Security Context → Realtime Risk Data → Asset Information
Compliance Mapping
PCI DSS 4.0 Req 6.3.3 · ISO 27001 A.8.8 · NIS2 Art. 21 · OWASP A1:2021
Remediation Plan
Immediate (24h): Upgrade to Tomcat 9.0.104+ · Short-term (7d): WAF rule deployment · Long-term (30d): Container image rebuild. Escalated to Issue Resolution Workflow — SLA: 1 hour (Critical).
Quality Workflow Engagement Lifecycle
From project creation to closure — fully tracked by the Governance Pyramid and SLA-enforced by the Issue Resolution Workflow.
01
Create Project
Scope, assets, compliance — Governance Pyramid
02
Run Assessments
Network, Web, Container, Code tested
03
Quality Workflow
OSM Brain dedup & false positive elimination
04
SLA Tracking
Issue Resolution Workflow enforces escalation
05
Remediation
Auto-tickets to Jira/ServiceNow, validation
06
Report
Enriched reports for all Governance levels