Reporting

This metric evaluates the resulting report as it is an important step in penetration testing, whereas it is written for multiple audiences. Answer the following questions in terms of yes or no:

• Did you remove false positives?
• Are your steps repeatable?
• Are the vulnerabilities assessed used in contextual risks?
• Do the results align with the business needs?
• Is the remediation plan suitable for the organization?

Based on the obtained score, you can evaluate your penetration testing and rank it using the following scale:

• 0-5: Low maturity level
• 6-10: Medium maturity level
• 11-15: High maturity level

For better presentation, you can use graphical charts: