
 Kiuwan provides indicators for:

  • Software characteristics
    • Security, efficiency, maintainability, reliability, and portability
  • Global Indicator
    • It is calculated as the weighted average of the above software characteristics through a complex algorithm that takes into account the severity of the defects, the weight of the category each defect belongs to, the analyzed code volume and the criticality of the language for the Kiuwan user. Kiuwan lets you “customize” this algorithm by modifying its level of demand, the weights of the categories and the priority of the rules.
  • Effort to Target
    • The amount of work effort needed to reach the defined goal. Objectives are defined at the application level. These objectives are configurable. CQM has a repair effort assigned for each one of the more than 4,000 rules it incorporates. The sum of the repair efforts of each defect indicates the time needed to reach the targets.
  • Risk Index
    • It is a summary index that concentrates all evidence found in the application source code. It can be understood as the risk associated with the software defects found, relative to the defined goals and the effort to reach them. See below for further details.

 


Have a look at our Kiuwan blog post for a practical approach to understanding Kiuwan Indicators.


What’s the meaning of the Risk Index and how is it calculated?

The Risk Index represents the potential problems that you are assuming by not paying attention to the security and quality of your source code. In other words: how far you are (measured in effort) from an acceptable level.

The Risk Index concentrates all the evidence found in the source code of your application and is calculated by combining the Global Indicator, Effort to Target and Code Size.

Therefore, if you have a poor global indicator, but the effort needed to get better is low, you are not assuming a high risk in this application because you are going to repair your defects easily. But if the effort needed to get better is very high, your risk index will be high, too.

There’s no simple “adequate” or critical threshold for the Risk Index. As a rule of thumb, any value greater than 0 should be “observed”, as it means that, based on the defined goals, action should be taken to decrease it.

Pay attention to how the Risk Index evolves over time, and use it as a metric to compare multiple applications against each other.
