You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

Governance Summary is a comprehensive aggregated view of your applications portfolio.
It provides global analytics data that will help you to gain insights about your applications and let you inspect global values and trends based on data collected from your analysis.

Basically, and dependindg on the selected data range, it summarizes application data providing global values for the most important Kiuwan indicators:

  • Number of Applications and Global Size
  • Risk Index (a measure on how far you are to get an acceptable security and quality level, based on Global Indicator, Effor to Target and Applications Size)
  • Security Rating (a 5-start grade that indicates how secure your applications are)
  • Global Indicator (a general index based on software characteristics such as security, efficiency, maintainability , reliability and portability)
  • Technical Debt (a global effort measure to correct all the detected defects)

 

Please, visit https://www.kiuwan.com/blog/kiuwan-indicators/ for more information on Kiuwan Indicators.



 

Global Summarized Data

Governance Summary page displays following summarized data

 

 

 

Please note that summarized data is based on calendar's selected dates (it will consider available data up to selected data range).

 

 

 

Below are Summarized Indicators described (please https://www.kiuwan.com/blog/kiuwan-indicators/ for more information on Kiuwan Indicators=


Applications

Total number of Applications and Size (in LOCs)

It's calculated as how many application exists up to the selected data range (an app "exists" if there are analysis on it up to the selected date)

Size is calulated as the sum of the last analysis's LOC for selected applications.

 

Risk Index

Kiuwan’s Risk Index (RI) is a summary indicator that provides a measure of the implicit risk associated to the security and quality aspects of your application, according to your defined requirements (targets). It provides a measure on how far you are to get an acceptable security and quality level ( remember that the exact meaning of “acceptable” is defined by you - the “target”).

Risk Index calculation concentrates all the evidence found in the source code of your application, and its calulated combining Global Indicator (GI), Effort to Target (E2T) and Application Size.

Summarized Risk Index is calculated as a average of Risk Indexes (weighted by App`s Size) of selected apps.

 

Security Rating

Security Rating, a 5-star grade that indicates how secure your applications are in terms of the likelihood and impact of found security vulnerabilities.

A security rating of 5 stars is considered to be secure, whereas 1 star are considered to be very insecure.

Please visit Kiuwan Code Security for further info on Kiuwan Security Rating and Vulnerability types.

Summarized Security Rating is not an average !! It's calculated based on a greatest common divisor (gcd) approach of the security ratings of the selected applications.

For example, If you have 3 apps with 5-, 4- and 1-star respectively, you Global Sec Rating will be 1-star.

 

Global Indicator

Global Indicator is a a general index based on Software characteristics (ISO-25000 based), such as: Security, Efficiency, Maintainability, Reliability and Portability. It's a weighted average of those software characteristics, providing an accurate global metric for the whole application. Global Indicator is calculated through a complex algorithm that takes into account the severity of the defects, the weight of the category, the analyzed code volume and the criticality of the different programming languages.

Summarized Global Indicator is calculated as a average of Global Indicators (weighted by App`s Size) of selected apps.

 

Global Applications Distribution

 

 

 

Besides summarized indicators, Governance Summary also provides a distribution of your account's applications according following criteria.

 

Apps By Size

Histogram displaying the distribution of apps (frequency) according to 5 size ranges.

 

Apps By Risk Range

Histogram displaying the distribution of apps (frequency) according to 5 ranges for Risk Index:

  • 0-20
  • 20-40
  • 40-60
  • 60-80
  • 80-100

 

Apps By Sec Rating

Histogram displaying the distribution of apps (frequency) according to Security Rates

  • 0-20
  • 20-40
  • 40-60
  • 60-80
  • 80-100

Please note, that this distribution is based on original apps security rates. So you could find that, for example, most of your apps have 3 stars but the Summarized Security Rating is 1.

This is due to the algorithm applied to Summarized Security Rating calculus.

Please remember that Summarized Security Rating is not an average !! It's calculated based on a greatest common divisor (gcd) approach of the security ratings of the selected applications. For example, If you have 3 apps with 5-, 4- and 1-star respectively, you Global Sec Rating will be 1-star.

 

Apps by Global Indicator

Histogram displaying the distribution of apps (frequency) according to 5 ranges for Global Indicator

  • 0-20
  • 20-40
  • 40-60
  • 60-80
  • 80-100

 

Grouped By Aggregated data

 

Besides Summarized indicators (as shown above), you can select how to group aggregated data based on your available Portfolios.

 

Group By selector will present you all the available Portfolio Groups defined in your Kiuwan account.

By selecting one of them, grahics will show indicator for every one of the available Portfolio Values for the selected Portfolio Group.

As an example, if you select Business Value, data will show indicators for the different values of Business Value portfolio (Critical, High, Medium, etc.)

Simmilarly, you could select any other of the available portfolio groups.

For didactic purposes, next explanation will take Business Value as the example portfolio.

 

Apps By Business Value

It will show how many applications belong to Critical, High, Medium, Low and Very Low.

Ordering will be based on higer-to-lower frequencies.

It's worth to mention a special case, i.e. the Languages portfolio group. This is a multi-valued portfolio automatically assigned by Kiuwan based on detected languages during the analysis.

This means that, for example, if an application contains Java and Javascript files, that app willl be considered as Java AND JavaScript.

Therefore, you could find that the sum of apps by language is higher that total number of applications.

 

Risk By Business Value

It will show the average Risk Index for Critical, High, Medium, Low and Very Low applications.

Aggregated Risk Index is calculated as a weighted average based on apps' loc size.

Ordering will also be based on higer-to-lower values.

 

Security Rating By Business Value

It will show the Security Rating for Critical, High, Medium, Low and Very Low applications.

Ordering will also be based on higer-to-lower values.

As above mentioned, please remember the special algorithm applied to Summarized Security Rating.

 

Security Rating By Business Value

It will show the Security Rating for Critical, High, Medium, Low and Very Low applications.

Ordering will also be based on higer-to-lower values.

As above mentioned, please remember the special algorithm applied to Summarized Security Rating.

 

Global Indicator By Business Value

It will show the Security Rating for Critical, High, Medium, Low and Very Low applications.

Ordering will also be based on higer-to-lower values.

Aggregated Global Indicator is calculated as a weighted average based on apps' loc size.

 

Tehcnical Debt

Based on selected criteria (i.e., grouped by selected portfolio), Tehcnical Debt panel will show the Summarized Technical Debt for every value of the portfolio.

 

Summarized Technical Debt is calculated as the sum of selected applications' Effort To 100 values.

 

 

 

  • No labels