Consider adding 'rank' or 'probability' property #58

Closed
michaelcfanning opened this issue Oct 11, 2017 · 2 comments
@michaelcfanning michaelcfanning commented Oct 11, 2017

Some tools produce an issue rank. It is difficult to normalize rank across tools. One idea is to normalize all these to a value from 0 to 1 (0 to 100% certainty of value). Some tools provide a numeric rank with no known upper bound, however.

@katrinaoneil katrinaoneil commented Oct 29, 2017

Fortify uses what we call Fortify Priority Order (FPO), a custom system of ranking the issues based on:

  • Impact (a static value from 0 to 5)
  • Probability (a static value from 0 to 5)
  • Accuracy (a static value from 0 to 5)
  • Confidence (a dynamic value from 0 to 5)

Likelihood gets calculated dynamically based on Probability, Accuracy, and Confidence, and depending on the value of Likelihood and Impact, the issues are placed in either Critical, High, Medium, or Low buckets.
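
The ranking scheme described in the comment above, combined with the 0-to-1 normalization proposed in the opening comment, as an added example that is not part of the original thread and is not Fortify's or the project's code. The likelihood formula (product of the three inputs divided by 25) and the 2.5 cut-off between low and high are assumptions, since the thread does not state them; all function names are hypothetical.

```python
from typing import Optional

SCALE_MAX = 5.0       # every FPO input is on a 0..5 scale, per the comment above
HIGH_THRESHOLD = 2.5  # ASSUMPTION: cut-off between "low" and "high" (not in the thread)


def _check(name: str, value: float) -> float:
    """Reject inputs outside the 0..5 scale instead of silently mis-ranking."""
    if not 0.0 <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be within 0..{SCALE_MAX}, got {value}")
    return float(value)


def likelihood(probability: float, accuracy: float, confidence: float) -> float:
    """ASSUMPTION: product of the three 0..5 inputs, scaled back to 0..5."""
    p = _check("probability", probability)
    a = _check("accuracy", accuracy)
    c = _check("confidence", confidence)
    return (p * a * c) / (SCALE_MAX * SCALE_MAX)


def bucket(impact: float, lik: float) -> str:
    """Place an issue in Critical/High/Medium/Low from impact and likelihood."""
    high_impact = _check("impact", impact) >= HIGH_THRESHOLD
    high_lik = _check("likelihood", lik) >= HIGH_THRESHOLD
    if high_impact:
        return "Critical" if high_lik else "High"
    return "Medium" if high_lik else "Low"


def normalized_rank(value: float, upper_bound: Optional[float]) -> Optional[float]:
    """Map a tool-specific rank to 0..1.

    Returns None when the tool has no known upper bound: the case the
    opening comment flags as not normalizable.
    """
    if upper_bound is None or upper_bound <= 0:
        return None
    return min(max(value / upper_bound, 0.0), 1.0)


if __name__ == "__main__":
    # Constructed sample issue: impact 4, probability 4, accuracy 5, confidence 3.
    lik = likelihood(4, 5, 3)
    print(bucket(4, lik), normalized_rank(lik, SCALE_MAX))
    # A rank from a tool with no documented maximum cannot be normalized.
    print(normalized_rank(37, None))
```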

@michaelcfanning michaelcfanning commented Nov 27, 2018

Closing as duplicate of #280
