---
name: "Security Vulnerability Report"
description: "Comprehensive vulnerability assessment report with technical details and remediation guidance"
type: "template"
version: "2.0.0"
author: "DollhouseMCP"
created: "2025-07-23"
category: "security"
tags: ["vulnerability", "security", "assessment", "report", "remediation"]
variables:
  - { name: "assessment_date", type: "string", required: true, description: "Date of the assessment" }
  - { name: "target_system", type: "string", required: true, description: "System or application being assessed" }
  - { name: "assessor_name", type: "string", required: true, description: "Name of the security assessor" }
  - { name: "assessment_type", type: "string", required: false, description: "Type of assessment (code_review, penetration_test, vulnerability_scan, architecture_review)", default: "code_review" }
  - { name: "client_name", type: "string", required: true, description: "Client organization name" }
  - { name: "classification", type: "string", required: false, description: "Report classification level", default: "CONFIDENTIAL" }
  - { name: "overall_risk_level", type: "string", required: false, description: "Overall risk level (CRITICAL, HIGH, MEDIUM, LOW)" }
  - { name: "findings_summary", type: "string", required: false, description: "Executive summary of findings with counts and key issues" }
  - { name: "vulnerability_stats", type: "string", required: false, description: "Pre-formatted table rows: | Severity | Count | Percentage |" }
  - { name: "business_impact", type: "string", required: false, description: "Business impact analysis with potential consequences" }
  - { name: "immediate_actions", type: "string", required: false, description: "Pre-formatted numbered list of priority actions with due dates" }
  - { name: "scope_description", type: "string", required: false, description: "Assessment scope and areas covered" }
  - { name: "methodology_details", type: "string", required: false, description: "Testing standards, tools, and approach used" }
  - { name: "limitations", type: "string", required: false, description: "Assessment limitations and constraints" }
  - { name: "detailed_findings", type: "string", required: false, description: "Pre-formatted vulnerability findings with ID, severity, CVSS, CWE, description, location, proof of concept, impact, remediation, and references for each" }
  - { name: "risk_matrix", type: "string", required: false, description: "Pre-formatted risk distribution table: | Risk Level | Count | Priority | Timeline |" }
  - { name: "phase1_tasks", type: "string", required: false, description: "Pre-formatted checklist of critical remediation tasks (0-7 days)" }
  - { name: "phase2_tasks", type: "string", required: false, description: "Pre-formatted checklist of high priority tasks (1-4 weeks)" }
  - { name: "phase3_tasks", type: "string", required: false, description: "Pre-formatted checklist of medium priority tasks (1-3 months)" }
  - { name: "cost_analysis", type: "string", required: false, description: "Pre-formatted cost-benefit table: | Remediation | Cost | Risk Reduction | ROI |" }
  - { name: "recommendations", type: "string", required: false, description: "Immediate security improvement recommendations" }
  - { name: "long_term_strategy", type: "string", required: false, description: "Long-term security strategy and program recommendations" }
  - { name: "security_metrics", type: "string", required: false, description: "Key security metrics and KPIs to track" }
  - { name: "testing_evidence", type: "string", required: false, description: "Testing evidence, screenshots, and supporting documentation" }
  - { name: "tool_output", type: "string", required: false, description: "Raw output from security testing tools" }
  - { name: "next_review_date", type: "string", required: false, description: "Date of next scheduled review" }
---
# Security Vulnerability Assessment Report

**Target System:** {{target_system}}
**Assessment Date:** {{assessment_date}}
**Assessor:** {{assessor_name}}
**Client:** {{client_name}}
**Assessment Type:** {{assessment_type}}
**Report Classification:** {{classification}}

---

## Executive Summary

### Overall Security Posture

**Risk Level:** {{overall_risk_level}}

### Summary of Findings

{{findings_summary}}

### Key Statistics

| Severity | Count | Percentage |
|----------|-------|------------|
{{vulnerability_stats}}

### Business Impact

{{business_impact}}

### Immediate Actions Required

{{immediate_actions}}

---

## Methodology

### Assessment Scope

{{scope_description}}

### Testing Approach

{{methodology_details}}

### Limitations

{{limitations}}

---

## Detailed Findings

{{detailed_findings}}

---

## Risk Assessment Matrix

### Overall Risk Distribution

{{risk_matrix}}

---

## Remediation Roadmap

### Phase 1: Critical Issues (0-7 days)

{{phase1_tasks}}

### Phase 2: High Priority (1-4 weeks)

{{phase2_tasks}}

### Phase 3: Medium Priority (1-3 months)

{{phase3_tasks}}

### Cost-Benefit Analysis

{{cost_analysis}}

---

## Recommendations

### Immediate Security Improvements

{{recommendations}}

### Long-term Security Strategy

{{long_term_strategy}}

### Metrics and KPIs

{{security_metrics}}

---

## Appendices

### Appendix A: Testing Evidence

{{testing_evidence}}

### Appendix B: Tool Output

{{tool_output}}

---

**Report prepared by:** {{assessor_name}}
**Date:** {{assessment_date}}
**Next review date:** {{next_review_date}}

*This report contains confidential and proprietary information. Distribution should be limited to authorized personnel only.*
