# Decision quadrants


Open the hamburger menu on the left of the page title to access these sections: Business, Production, Development or Security. Here your applications are shown in four different graphics, depending on their business value, failure probability, maintenance risk, and security risk.

Below each of these graphics, there are some metrics with data about your applications: their number, the total lines of code and the results of the main indicators. Below the metrics, you can see all your applications in a list, sorted by different criteria.

You can group the applications shown by portfolios, and the graphics will vary accordingly.

## Business

The business value decision quadrant is aimed at identifying those applications in your portfolio that require immediate action based on their criticality for the business and their exposure to any of the risks you are facing: Global Risk (Risk index), Failure Probability (Production Risk), Maintenance (Development Risk) and Security Risk.

You want to have all your applications as far to the left of the graph as possible, regardless of the risk you are displaying. The higher an application is in the graph, the closer you want it to the left axis, since these are your most critical applications. The applications in the highest and rightmost positions are the ones needing immediate action (higher risk).

The vertical axis represents the business value (criticality) you have assigned to your applications. It can have 5 different values, from critical to very low. The metric on the horizontal axis can be chosen from the 4 types of risk we calculate for your applications:

• Global Risk (risk index): This index combines the application quality (taking into account all software characteristics), the effort to repair based on the target for each application and the application size. If the risk index is high you should invest in quality. This means redesigning the application.
• Failure Probability (Production Risk): This indicates if applications are likely to provoke frequent errors in production. Applications with high Failure Probability could be a problem in the short term.
• Maintenance Risk: This shows if the applications’ maintenance costs are going to be higher than expected, or if it is going to be complex and costly to add new functionality to them. If the Maintenance Risk is high it could be a problem in the midterm.
• Security Risk: This indicates how vulnerable an application is to internal or external attacks based on the number of vulnerabilities found in the application’s code as listed by CWE and OWASP. A high Security Risk indicates that applications have more exploitable vulnerabilities that can lead to security breaches of all kinds.

## Production

The Production quadrant is aimed at identifying those applications in your portfolio that could cause problems in production, and whether they will be able to recover from these errors easily. The applications with higher exposure to this kind of risk will be those in the upper-right area of the quadrant.

The vertical axis represents Failure Probability. This indicates if applications are likely to provoke frequent errors in production. Applications with high Failure Probability could be a problem in the short term.

The horizontal axis represents application Complexity, a normalized (between 0 and 100) metric based on the applications’ cyclomatic complexity by function, duplication of code and maintainability index.

## Development

The Development quadrant is aimed at identifying those applications in your portfolio exposed in the midterm given the difficulty and associated cost to maintain them. The applications with higher exposure to this kind of risk will be those in the upper-right area of the quadrant.

The vertical axis represents Maintenance Risk: this indicates if the applications’ maintenance costs are going to be higher than expected, or if it is going to be complex and costly to add new functionality to them. It is based on the evidence gathered from the code for the maintainability index.

The horizontal axis represents application Complexity, a normalized (between 0 and 100) metric based on applications’ cyclomatic complexity by function, duplication of code and maintainability index.

## Security

The Security quadrant is aimed at identifying those applications in your portfolio that are exposed to potential internal or external attacks that can compromise the integrity of your organization, and whether these potential vulnerabilities can be easily corrected. The applications with higher exposure to this kind of risk will be those in the upper-right area of the quadrant.

The vertical axis represents the Security Risk: this indicates how vulnerable an application is to internal or external attacks based on the number of vulnerabilities found in the application’s code as listed by CWE and OWASP.

The horizontal axis represents application Complexity, a normalized (between 0 and 100) metric based on applications’ cyclomatic complexity by function, duplication of code and maintainability index.