Document Information:
  • Version: 1.0
  • Effective Date: September 15, 2025
  • Owner: CTO (Will Evans)
  • Review Frequency: Quarterly
  • Approved by: CTO
  • ISO 27001:2022 control: (A.5.7 - Threat Intelligence)

1. Purpose & Scope

This document outlines Mindset AI Ltd’s process for identifying, prioritizing, and remediating security vulnerabilities across our technology stack using external threat intelligence sources, in accordance with ISO 27001:2022 Control A.5.7 - Threat Intelligence. Scope: All Mindset AI Ltd information systems, applications, and infrastructure components.

2. Roles & Responsibilities

  • CTO (Will Evans): Overall process ownership, development environment security oversight, critical vulnerability escalation
  • VP of Operations: Infrastructure security oversight, risk assessment approval, quarterly reviews
  • Systems Administrators: Infrastructure vulnerability remediation, scanning tool management
  • Development Teams: Code-level vulnerability remediation, merge request security review
  • Compliance Manager: Regulatory compliance validation, audit evidence coordination

3. Vulnerability Identification Sources

3.1 Automated Scanning

Code & Dependencies:
  • Tool: GitLab CI/CD security scanning (continuous)
  • Frequency: Every commit to main/master branches
  • Coverage: Dependency scanning, SAST, secret detection
  • Results: Visible in merge requests, pipeline security tabs, and personal Security Center
Infrastructure Scanning:
  • Frequency: Weekly automated scans
  • Tools: [To be configured based on current infrastructure]
  • Scope: Production and staging environments

3.2 External Threat Intelligence Sources

We monitor the following external sources via automated RSS feeds delivered to the #security-alerts Slack channel:
Primary Sources:
Industry Security News:
Technology-Specific Sources:
  • Hacker News Tech Filter: the pattern follows https://hnrss.org/newest?q=vulnerability+<context> and https://hnrss.org/newest?q=security+<context>, where <context> is one entry from the context list below
  • Context list: dart, package, js, javascript, typescript, python, langgraph, flutter, google, gcp, windows, linux
Monitoring Process:
  1. Daily monitoring of #security-alerts Slack channel (all team leads)
  2. Emoji classification on each RSS feed post:
    • ⚠️ Take Action - Requires immediate response/GitLab issue
    • ❔ Unknown - Needs research and assessment
    • ❎ No Risk - Not applicable to our infrastructure
    • ✅ Resolved - Applied to “Take Action” items after remediation
  3. Response Actions:
    • ⚠️ Create GitLab vulnerability issue immediately using standard template
    • ❔ Research within 24 hours, then update to ⚠️ or ❎
    • ✅ Add to posts with ⚠️ once GitLab issue is closed
  4. Weekly Quality Check: CTO reviews #security-alerts channel, verifies all posts from past 7 days have emoji classification, follows up on any ❔ items older than 24 hours
  5. Evidence Trail: Slack channel history with emoji reactions provides audit evidence, GitLab issues for actionable threats, escalation to CTO for CISA KEV or critical findings

4. Vulnerability Prioritization Framework

Vulnerabilities are prioritized using the following matrix (aligned with Operations Security Policy):
Severity        CVSS Score   Remediation Time   GitLab Label                Special Handling
CISA KEV        Any          48 hours           ~security::cisa-kev         Emergency response
Critical        9.0-10.0     30 days            ~security::critical         Standard process
High            7.0-8.9      30 days            ~security::high             Standard process
Medium          4.0-6.9      60 days            ~security::medium           Standard process
Low             0.1-3.9      90 days            ~security::low              Standard process
Informational   N/A          As needed          ~security::informational    Documentation only
Note: CISA Known Exploited Vulnerabilities (KEV) override normal severity classification due to confirmed active exploitation in the wild.
Priority Escalation Factors:
  • CISA Known Exploited Vulnerabilities: Immediate 48-hour response regardless of CVSS score
  • Active exploits in the wild (beyond CISA KEV)
  • Affects internet-facing systems
  • Impacts systems processing customer data
  • No available compensating controls

5. Tracking & Remediation Workflow

5.1 Issue Creation

  • All vulnerabilities create GitLab issues in their respective repositories
  • Auto-generated from GitLab scanning OR manually created from external intelligence
  • Use standardized vulnerability issue template

5.2 Remediation Process

  1. Assignment: Issue assigned to appropriate team lead within SLA timeframe
  2. Analysis: Team assesses exploitability and business impact
  3. Remediation Planning: Document fix approach and timeline
  4. Implementation: Apply fixes via standard change management process
  5. Verification: Re-scan and confirm vulnerability resolved
  6. Documentation: Update issue with resolution evidence

5.3 Escalation Process

  • Critical/High vulnerabilities approaching the SLA deadline (open for 25 days of the 30-day window) are escalated to the CTO
  • CISA Known Exploited Vulnerabilities require immediate attention (48 hour target)
  • Inability to remediate within SLA requires documented risk treatment plan
  • Emergency changes follow expedited change management process per Operations Security Policy
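The prioritization matrix in section 4 and the escalation rules in section 5.3 combine into a small triage routine. The following is an added example, not Mindset AI Ltd's own tooling; it assumes CVSS scores are rounded to one decimal before matching a range, and that the 48-hour KEV target is tracked as two calendar days.

```python
from datetime import date, timedelta

# Remediation matrix from section 4: (severity, CVSS min, CVSS max, days, GitLab label).
MATRIX = [
    ("Critical", 9.0, 10.0, 30, "~security::critical"),
    ("High", 7.0, 8.9, 30, "~security::high"),
    ("Medium", 4.0, 6.9, 60, "~security::medium"),
    ("Low", 0.1, 3.9, 90, "~security::low"),
]
KEV_DAYS = 2         # 48-hour CISA KEV target, tracked as two calendar days (assumption)
ESCALATION_DAY = 25  # Critical/High escalate to the CTO at day 25 of the 30-day SLA


def classify(cvss, cisa_kev=False, opened=None):
    """Map a finding to severity, GitLab label, handling and SLA due date."""
    opened = opened or date.today()
    base = {"opened": opened}
    # CISA KEV overrides the CVSS-based severity (confirmed exploitation in the wild).
    if cisa_kev:
        return {**base, "severity": "CISA KEV", "label": "~security::cisa-kev",
                "handling": "Emergency response", "due": opened + timedelta(days=KEV_DAYS)}
    # No score at all: informational, documentation only, no SLA clock.
    if cvss is None:
        return {**base, "severity": "Informational", "label": "~security::informational",
                "handling": "Documentation only", "due": None}
    cvss = round(cvss, 1)  # CVSS scores carry one decimal; avoid gaps such as 8.95
    for severity, lo, hi, days, label in MATRIX:
        if lo <= cvss <= hi:
            return {**base, "severity": severity, "label": label,
                    "handling": "Standard process", "due": opened + timedelta(days=days)}
    raise ValueError(f"CVSS score out of range: {cvss}")


def escalation(finding, today):
    """Return the section 5.3 escalation reason for an open finding, or None."""
    if finding["severity"] == "CISA KEV":
        return "CISA KEV: immediate attention (48 hour target)"
    if finding["due"] is not None and today > finding["due"]:
        return "SLA missed: documented risk treatment plan required"
    approaching = finding["opened"] + timedelta(days=ESCALATION_DAY)
    if finding["severity"] in ("Critical", "High") and today >= approaching:
        return "Approaching SLA deadline: escalate to CTO"
    return None


if __name__ == "__main__":
    f = classify(9.8, opened=date(2025, 9, 15))  # constructed sample finding
    print(f["label"], f["due"], escalation(f, date(2025, 10, 10)))
```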

6. Risk Treatment Options

When standard remediation isn’t feasible:
  1. Risk Mitigation: Implement compensating controls
  2. Risk Transfer: Vendor patches or third-party solutions
  3. Risk Avoidance: Disable affected functionality
  4. Risk Acceptance: Document business justification (CTO approval required)

7. Metrics & Reporting

7.1 Monthly Metrics (Via GitLab)

  • Number of vulnerabilities by severity (tracked via GitLab issues and labels)
  • Mean time to remediation by severity
  • Overdue vulnerabilities count
  • Vulnerability source breakdown

7.2 Quarterly Reviews

  • Trend analysis and process effectiveness
  • Threat landscape changes
  • Tool performance evaluation
  • Process improvement recommendations

8. Evidence Collection & Audit Trail

All vulnerability management activities maintain audit evidence:
  • GitLab issue tracking with timestamps
  • Scan reports and results
  • Remediation verification screenshots
  • Risk treatment decisions with approvals
  • External threat intelligence monitoring logs
  • Slack #security-alerts channel history

9. Tools & References

  • GitLab Security Scanning: Primary vulnerability detection across all repositories
  • GitLab Issues: Vulnerability tracking with standardized labels
  • Personal Security Center: Cross-project vulnerability overview (Your work > Security)
  • Slack #security-alerts: Automated RSS threat intelligence monitoring
  • Issue Templates: .gitlab/issue_templates/vulnerability.md
  • CVSS Calculator: https://www.first.org/cvss/calculator/4-0

10. Review & Continuous Improvement

  • Document Review: Quarterly by CTO
  • Process Updates: Based on threat landscape changes and lessons learned
  • Tool Evaluation: Annual assessment of scanning tools and threat sources
  • Training: Annual security awareness updates for all personnel

Document Control:
  • Next Review Date: December 15, 2025
  • Distribution: All Mindset AI Ltd technical staff
  • Storage: Company security documentation repository