
Consider adding 'rank' or 'probability' property #58

michaelcfanning opened this issue Oct 11, 2017 · 2 comments



@michaelcfanning michaelcfanning commented Oct 11, 2017

Some tools produce an issue rank. It is difficult to normalize rank across tools. One idea is to normalize all these to a value from 0 to 1 (0 to 100% certainty of value). Some tools provide a numeric rank with no known upper bound, however.



@katrinaoneil katrinaoneil commented Oct 29, 2017

Fortify uses what we call Fortify Priority Order (FPO), a custom system of ranking the issues based on:

  • Impact (a static value from 0 to 5)
  • Probability (a static value from 0 to 5)
  • Accuracy (a static value from 0 to 5)
  • Confidence (a dynamic value from 0 to 5)

Likelihood gets calculated dynamically based on Probability, Accuracy, and Confidence, and depending on the value of Likelihood and Impact, the issues are placed in either Critical, High, Medium, or Low buckets.


Contributor Author

@michaelcfanning michaelcfanning commented Nov 27, 2018

Closing as duplicate of #280
