Improve patch exception revalidation gates by danyili2632 · Pull Request #1438 · UnitOneAI/SecuritySkills

danyili2632 · 2026-06-06T13:45:38Z

Summary

adds trigger-based revalidation gates for deferred vulnerability exceptions
covers vendor patch/advisory availability, CISA KEV, EPSS movement, public/active exploitation, exposure/criticality changes, scanner evidence changes, and compensating control drift
adds required report output fields for last/next revalidation, triggers checked, SSVC/SLA change, control retest, and resulting action
adds a common pitfall warning against waiting for fixed review dates after conditions change

git diff --check
rg -n "Deferred Vulnerability Revalidation|Vendor patch|CISA KEV|EPSS|public exploit|Asset exposure|Compensating control retest|Last revalidation|Next revalidation|fixed review date" skills/vuln-management/patch-prioritization/SKILL.md
verified Markdown fence count remains even: 12

Bounty target: Improver Moderate if accepted.
Preferred payout: Base USDC 0x6CBF4b5cb88b8C2B7af776Bc2B073163B5d3C08A

improve patch exception revalidation gates

131153e

danyili2632 mentioned this pull request Jun 6, 2026

[REVIEW] patch-prioritization: add deferred vulnerability revalidation gates #1401

Open