Single register, not seven
Vulnerabilities, control gaps, audit findings, pen-test issues — all in one spine, all scored on the same scale.
Use case · Exposure response
Exposure response, with a verifiable close.
A vulnerability scanner gives you a list. An exposure register gives you a programme. Triage, prioritise, assign, fix, verify — and report a credible trend line to the board next quarter.
Who it's for
- Vulnerability and exposure management leads.
- Security architects driving control-gap remediation.
- GRC teams reporting against the Essential Eight or CPS 234.
What the platform does for you. No more spreadsheets.
Risk-based triage
Score against the EPSS, exploitability, asset criticality and business impact. Auto-prioritise the queue.
Owner, due date, evidence
Every exposure has an accountable owner, an SLA-derived due date, and an evidence slot for the verifier.
Linked to policy
Each exposure can cite the policy, standard or procedure it violates — closing the loop with governance.
Verification gate
Closure requires sign-off by an independent verifier. No marking your own homework.
Trend reporting that lands
Quarterly burn-down by team, service and control family. The board sees movement, not noise.
Seven stages. One workspace.
Each stage is supported by structured data — not free-text fields and Slack threads.
01
Ingest
Scanner findings, audit observations, pen-test reports — feed in.
02
Triage
De-duplicate, classify, score against your risk model.
03
Assign
Owner accepts. Due date set against severity SLA.
04
Remediate
Engineering work tracked. Mitigation plan documented.
05
Verify
Independent verifier confirms with evidence.
06
Close
Closed with link to the change record. Counts in the trend line.
07
Report
Quarterly report by team, service, control family.
From scanner to verifiable close. In one workflow.
Bring your existing scanner output and we'll wire it through the register on a discovery call.