Designing for Clarity in Vulnerability Reporting

Created a searchable, centralized Security Advisories hub to increase transparency, reduce confusion, and empower users to navigate security threats confidently.

Overview

The SolarWinds Security Advisories page was originally created to publish vulnerabilities that directly affected SolarWinds products. However, customers frequently reached out to Support and Security teams with questions about third-party CVEs mentioning SolarWinds—uncertain if these impacted their systems.

To reduce confusion and improve transparency, I designed a centralized, searchable hub for all CVEs (internal and third-party). This empowered users to self-serve information and reduced unnecessary support inquiries.

“I saw on [third-party site] that this vulnerability could affect my product. Does it?”

The Challenge

Command F is no way to search
Technically, yes—it works. But for a table spanning six columns and dozens of entries updated several times a month, it wasn’t scalable. Users needed exact phrasing to find results, and even then, multiple hits meant scanning line by line.

Out of sight, out of mind
Third-party CVEs lived as isolated KB articles—unannounced, unsearchable, and disconnected from the main index. With no centralized database or visibility, customers didn’t even know these advisories existed. Finding them meant guessing keywords or paging through unrelated search results.

Okay… but which CVEs should I care about?
Severity scores (e.g., 5.3 vs 5.6 — both “High”) offered little real-world meaning. Users couldn’t distinguish between internal CVEs that required action and external ones that posed no risk.

It all begins with an idea. Maybe you want to launch a business. Maybe you want to turn a hobby into something more. Or maybe you have a creative project to share with the world. Whatever it is, the way you tell your story online can make all the difference.

Solution

Centralized all CVEs (internal + 3rd party) in one searchable hub

Streamlined Discovery

Added horizontal filtering and sorting to help users quickly find relevant vulnerabilities by product, severity, or date.

Visual Differentiation System

Introduce clear visual cues—color, icons, and new internal “SWSA” codes—to distinguish SolarWinds advisories from third-party ones.

Consistent Advisory Experience

Standardize templates for all advisories, creating a cohesive and predictable journey from the CVE index to detailed pages.

Outcome & Next Steps

The project is currently on hold pending prioritization, but upon launch, I recommended tracking the page for three months to measure:

  • Decrease in support cases related to 3rd-party CVE inquiries

  • Filter and sort usage rates

  • Improved findability of security information across web properties

Future Opportunities:

  • Cross-link advisories from product and support pages

  • Expand hub functionality into a searchable security database

Lessons Learned

Even small usability gaps (like Command+F dependency) can have major operational costs.

Transparency isn’t just about access to data—it’s about context and clarity in how that data is presented.