From the perspective of defect management, defects can be classified into two categories: security-related defects and non-security-related defects. Security-related defects need some additional information attached to each defect. Defect classification in Dynamics AX, for all kinds of defects (i.e. irrespective of the type of testing that discovered the bugs), is based on the following factors:
Bug priority
Category
Issue status
Requirement Ref.
STRIDE
Severity
Discoverability
Mitigation
Vulnerability
Resources
The defect management tool should have provision to accept all of the security-related information for a defect. When a defect is logged as a security-related issue, the tool should ensure that the user enters all the required information. The tool should also be able to generate reports along each of the dimensions mentioned above.
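
The two tool requirements above (reject an incomplete security defect at logging time, and report along any factor) can be sketched as follows. This is an added example, not code from Dynamics AX or any defect tracker. The field keys, the split between base and security-only factors, and the sample records are assumptions made for illustration.

```python
from collections import Counter

# Factor names come from the page; the snake_case keys are this example's choice.
FACTORS = ("bug_priority", "category", "issue_status", "requirement_ref", "stride",
           "severity", "discoverability", "mitigation", "vulnerability", "resources")
# Assumption: non-security defects need only these; the page does not draw the line.
BASE_FACTORS = ("bug_priority", "category", "issue_status", "severity")
STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}


def validate(defect):
    """Return a list of problems; an empty list means the defect may be logged."""
    required = FACTORS if defect.get("security") else BASE_FACTORS
    problems = [f"missing {f}" for f in required
                if not str(defect.get(f) or "").strip()]
    stride = defect.get("stride") or []
    stride = [stride] if isinstance(stride, str) else stride
    if defect.get("security"):
        problems += [f"unknown STRIDE category {s!r}" for s in stride if s not in STRIDE]
    return problems


def log_defect(store, defect):
    """Append the defect to the store only if validation passes."""
    problems = validate(defect)
    if problems:
        raise ValueError("; ".join(problems))
    store.append(defect)


def report(store, dimension):
    """Count logged defects per value of one factor; list values count once each."""
    counts = Counter()
    for d in store:
        value = d.get(dimension, "unset")
        counts.update(value if isinstance(value, list) else [value])
    return dict(counts)


# Constructed sample records (not real defects).
SAMPLE_OK = {"security": True, "bug_priority": "P1", "category": "Input validation",
             "issue_status": "Open", "requirement_ref": "REQ-EXAMPLE-1",
             "stride": ["Tampering", "Elevation of privilege"], "severity": "High",
             "discoverability": "Medium", "mitigation": "Parameterize the query",
             "vulnerability": "SQL injection in a report filter",
             "resources": "Security test team"}
SAMPLE_INCOMPLETE = {"security": True, "bug_priority": "P2", "category": "Auth",
                     "issue_status": "Open", "severity": "Medium",
                     "stride": ["Spoofing", "Phishing"]}
```
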