Insights >> Obsolescence

With Kiuwan Insights you can easily explore the versions of the components used by your application.

For every external component, Kiuwan Insights clearly states the version used and provides an Obsolescence Risk indicator.

Information on components’ obsolescence is accessible through the Insights >> Obsolescence tab.

Insights >> Obsolescence displays version-related information on components in several sections:

  1. Overall Information on Components – aggregated information on number and type of components
  2. List of Components – detailed listing of components
  3. Component detail – detailed information on selected component

 

Before explaining the page contents, you should understand some basic concepts used throughout the Obsolescence page.

 

Obsolescence terms (Out of Date, Inactivity Time and Obsolescence Risk)

Every component has a lifecycle: it was created on some date and has evolved through different versions during its lifetime.

When Kiuwan Insights detects the use of a component, it displays the Used Version in your application, as well as the date when that version was released (Date).

Kiuwan also displays the Last Version (the latest released version of the component) and the date when that version was released (Date).

 

With these values, Kiuwan Insights calculates two important periods of time:

  • Out of date: the elapsed time between the date of the used version and the date of the latest version (a measure of how old your version is with respect to the latest version)
  • Inactivity time: the elapsed time between the date of the latest version and the current date (a measure of how active the component is)

 

 

As you may have guessed, high values for those periods of time are not desirable:

  • A high Out of date value means that you are probably missing bug fixes and new functionality that are in newer versions.
  • A high Inactivity time value means that your component is “dead” and you should think about finding a more active component, especially if your component contains important vulnerabilities.

 

Let’s see with an example.

 

 

Out of Date and Inactivity Time values are converted to a scale in years ranging from 0 to 10 (values higher than 10 years are taken as 10).

Obsolescence Risk is calculated as a weighted average of Out of Date and Inactivity Time values (converted to years):

Metric             Weight
Out of Date        30%
Inactivity Time    70%
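
The weighted average described above, as an added example (not Kiuwan's code): it derives Out of Date, Inactivity Time and Obsolescence Risk from release dates and ranks a constructed component list. The 365.25-day year, the hypothetical component names and dates, and reporting the risk on the same 0 to 10 scale are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Weights and the 10-year cap come from the page; the rest is assumed.
W_OUT_OF_DATE = 0.30
W_INACTIVITY = 0.70
CAP_YEARS = 10.0
DAYS_PER_YEAR = 365.25  # assumption: the page does not say how days become years

@dataclass
class Component:
    name: str
    used_date: date  # release date of the version in use
    last_date: date  # release date of the latest version

def years_between(start: date, end: date) -> float:
    """Elapsed time in years, capped at 10 as the page describes."""
    if end < start:
        raise ValueError(f"{end} is earlier than {start}")
    return min((end - start).days / DAYS_PER_YEAR, CAP_YEARS)

def obsolescence(c: Component, today: date) -> dict:
    """Out of Date, Inactivity Time and the 30/70 weighted risk for one component."""
    out_of_date = years_between(c.used_date, c.last_date)
    inactivity = years_between(c.last_date, today)
    risk = W_OUT_OF_DATE * out_of_date + W_INACTIVITY * inactivity
    return {"name": c.name, "out_of_date": out_of_date,
            "inactivity": inactivity, "risk": risk}

def rank(components, today: date) -> list:
    """Components ordered by obsolescence risk, highest first."""
    return sorted((obsolescence(c, today) for c in components),
                  key=lambda r: r["risk"], reverse=True)

# Constructed inventory (hypothetical component names and dates).
SAMPLE = [
    Component("lib-current", date(2024, 1, 1), date(2024, 1, 1)),
    Component("lib-behind", date(2020, 1, 1), date(2024, 1, 1)),
    Component("lib-abandoned", date(2012, 1, 1), date(2012, 1, 1)),
]

if __name__ == "__main__":
    for r in rank(SAMPLE, today=date(2025, 1, 1)):
        print(f'{r["name"]:14} out_of_date={r["out_of_date"]:.1f}y '
              f'inactivity={r["inactivity"]:.1f}y risk={r["risk"]:.2f}')
```

Because Inactivity Time carries 70% of the weight, the abandoned component ranks highest even though its Out of Date value is 0, ahead of the component that is four years behind an actively maintained release line.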

 

 

 
