How to Configure Issue Stats Thresholds in Fortify Software Security Center

 
0 Likes

The Issue Stats dashboard page shows summary information about issues for the application versions on Fortify Software Security Center, including the number of days that it is taking to review and fix them. To provide a visual cue as to how quickly issues are being handled, the Issue Stats page displays colored bars next to the values for the Average Days to Review and Average Days to Remediate. A green bar indicates that issues are being managed quickly, a red bar indicates that issue management is too slow, and an orange bar indicates that issue management is somewhere between these two extremes.

How Average Days to Review and Average Days to Remediate are Calculated

Before it calculates the Average Days to Review and Average Days to Remediate values, Fortify Software Security Center applies the following rules:

  • Fortify Software Security Center excludes the following issues from its calculations:

    • All issues that were audited or removed 365 days ago or earlier
    • All suppressed issues
    • Issues that have not been either audited or removed
  • To calculate issue aging for audited issues, Fortify Software Security Center uses the date and time on which the issue was first audited.

  • For issues that were not audited but were removed, Fortify Software Security Center uses the removal date as the audit date.

  • To calculate issue dates, Fortify Software Security Center performs the following to clean up dates and times:

    • Adjusts issue found dates and times to 12:00 AM of the date the issues were found.
    • Adjusts issue audited dates and issue removed dates to 12:00 am of next day.

    These adjustments are required to calculate average dates correctly. For example, without these adjustments, the calculated averages would be zero for issues that were found and audited on the same date, which is not correct. For an issue found on March 2 and audited at March 5, the days to review is 5 – 2 + 1, or 4 days.

After it applies all of these rules and makes time and date adjustments, Fortify Software Security Center calculates the average of two values—(auditTime - foundDate) and (removedDate - foundDate)—to get average number of days to audit and remediate issues

Setting the Issue Stats Thresholds

You set the thresholds that determine what users see when they review summary information about the application versions to which they have access. By default, the Issue Stats page displays values of fewer than 100 days (minimum) in a green bar, any values greater that 365 days (maximum) in red, and values in between as yellow.

To set the color thresholds for Average Days to Review and Average Days to Remediate:

  1. On the OpenText header, select Administration.

  2. In the left pane, under Metrics & Tracking, select Issue Age.

    The Issue Age page opens. The minimum and maximum values for Average Days to Review and Average Days to Remediate are set to 100 and 365, respectively.

                                      

  1. To reset the thresholds for the average number of days to review Issues, under for Average Days to Review, do one of the following:

    • Adjust the slider control.
    • Change the values shown in the Min. and Max. combo boxes.
  2. To reset the thresholds for the average number of days to remediate Issues, under for Average Days to Remediate, do one of the following:

    • Adjust the slider control.
    • Change the values shown in the Min. and Max. combo boxes.
  3. Click SAVE.

The color coded values on the Issue Stats dashboard page reflect your changes.

Labels:

Support Tip
Comment List
Related
Recommended