You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

 

Insights >> Obsolescence

 

With Kiuwan Insights you can easily explore the versions of the components used by your applicacion.

For every external component, Kiuwan Insights clearly states the version used and provides a Obsolescence Risk indicator.

 

Information on components’ Obsolescence is accessible through Insights >> Obsolescence tab.

Insights >> Obsolescence displays version-related information on components in several sections:

  1. Overall Information on Components – aggregated information on number and type of components
  2. List of Components – detailed listing of components
  3. Component detail – detailed information on selected component

 

Before explaining the page contents, you should understand some basic concepts widely used throughout Obsolescence page.

Obsolescence Risk

Any component has a lifecycle.

This means that at some date was created and it evolved through different versions during its life time.

 

When Kiuwan Insight detects the use of a component, it displays its Used Version in your application, as well as the date when that version was released (Date).

Also, Kiuwan displays the Last Version (the latest released version of the component) and the date when the last version was released (Date).

 

With these values, Kiuwan Insights calculates two important periods of time:

  • Out of date: the elapsed time between the date of the used version and the date of the latest version (a measure of the antiquity of your version respect to the latest version)
  • Inactivity time: the elapsed time between the date of the latest version and the current date (a measure on how active is the component)

 

 

As you may already guess, high values for those periods of time are not desirable:

  • A high Out of date value would mean that you are probably missing bugfixes and new functionalities that are in newer versions.
  • A high Inactivity time value would mean that the component is “dead” and you should think of finding some more active components, most if your component contains important vulnerabilities.

 

 

Out of Date and Inactivity Time values are converted to a yearly-scale ranging from 0 to 10 years (values higher than 10y are taken as 10).

Obsolescence Risk is calculated as a weighted average of Out of Date and Inactivity Time values (converted to years):

  • Out of Date : 30%
  • Inactivity Time : 70%

 

 

Resulting values of Out of Date, Inactivity Time and Obsolescence Risk are considered as follows:

 

Value (years)

Label

0

 

( 0 , 2y  ]

 

( 2y , 5y  ]

 

( 5y, 10y ]

 

 

 

Overall Information on Components

According to the above explanation of concepts, Obsolescence tab displays overall obsolecnce information of your application.

Overall section displays:

  • Number of components falling in High-Med-Low categories for Obsolescence Risk, Out of Date and Inactivity Time
  • Scatter plot of the components’ obsolescence
  • Alerts on number of components with High value of Obsolescence Risk, Out of Date and Inactivity Time

 

List of Components

Kiuwan Insights provides a full listing of all those components being used by your application.

For every 3rd party component, you will have access to detailed component information such as:

  • Component name 
  • Used version (and release Date)
  • Last version (and release Date)
  • Number of releases between Used and Last versions
  • Out of Date 
  • Inactivity Time 
  • Obsolescence Risk 

 

 

Component details

By clicking on a component, you will have access to the following information:

  • Description of the component
  • Timely scale of component releases
  • Full list of releases (Version, Release Date and Age)

 

 

 

 

  • No labels