Three ways to prove it's fixed.

A closed ticket isn't proof. Re-scan, API probe, manual attestation: three findings, each verified its own way and packaged with a signed manifest you can check yourself. Synthetic data, real integrity.

Synodician
Sample · synthetic data

Basirah evidence package

PKG-SAMPLE-0001 · generated 2026-02-06 · Meridian Retail Group (synthetic)

  • 3 / 3 findings verified
  • 3 frameworks mapped
  • 100% control coverage
  • 100% SLA met

Findings

critical · CVE-2024-3094 · PASS

Malicious backdoor in xz-utils liblzma

sample-edge-gateway-03 · internet-facing · on CISA KEV · verified 2026-02-06

Independent re-scan, corroborated by scanner evidence. Independent re-scan confirmed liblzma upgraded to a fixed build; the backdoor signature is no longer present.

high · CVE-2023-44487 · PASS

HTTP/2 Rapid Reset denial of service

sample-checkout-api-02 · internet-facing · on CISA KEV · verified 2026-02-05

API probe, corroborated by scanner evidence. API probe confirmed the endpoint now resets abusive streams and enforces concurrent-stream limits.

medium · Public read access on object storage bucket · PASS

Public read access on object storage bucket

sample-reports-bucket · external · verified 2026-02-05

Manual attestation, corroborated by control validation. Owner attested the bucket policy was corrected; control validation confirmed public read access is removed.

Control mappings

  • SOC 2 · CC7.1 gap → satisfied
  • ISO 27001 · A.8.8 gap → satisfied
  • SOC 2 · CC7.2 gap → satisfied
  • PCI DSS · 6.3.3 gap → satisfied
  • ISO 27001 · A.5.23 gap → satisfied
  • SOC 2 · CC6.1 gap → satisfied

Modeled exposure

$420k (P50) · $2.1M (P95) annualized loss

Modeled / illustrative, not a realized or measured figure.

Integrity

SHA-256 manifest, ed25519 signature. Change one byte and the check fails.

SHA-256 f0613bdc6ef9fdf246c38083fe144bea6314455f454053c7c6fe80730261aff8