Monitoring overdue issues
Security analysts can see the number of applications that have overdue issues so that they can quickly calculate which issues or applications are out of compliance. AppScan Enterprise v9.0.3 includes an Overdue formula that can be modified or used as an example for creating complex formulas. For example, if your organization must comply with the Payment Card Industry standard, you can add that to the formula. You can also modify the formula so that an issue with a high severity that is still marked New after 10 days is automatically overdue.
Before you begin
IF(classification=scancoveragefindings,0,IF(status=noise,0,IF(status=passed,0,IF(status=fixed,0,AGE()-IF(severity>10, 3, IF(severity>7.4, 5, IF(severity>5, 7, IF(severity>1.9, 14, 100))))))))
Note: v9.0.3.1 iFix2: In previous versions, the Overdue formula didn't include scan coverage findings in its calculations, and this caused a discrepancy in the numbers that were displayed in the Applications tab and Portfolio tab. As of v9.0.3.1 iFix2, you must edit the Overdue Formula so that it includes scan coverage findings. You must add the following at the beginning of the formula, and add a closing bracket at the very end:
IF(classification=scancoveragefindings,0,
Here's how the Overdue formula breaks down: If the issue status is noise, passed, or fixed, then the issue is not overdue. Otherwise, the formula is "issue AGE - severity mapping".
Severity range | Value | Days allowed before the issue is overdue |
---|---|---|
Greater than 10 | Critical | 3 |
Greater than 7.4 | High | 5 |
Greater than 5 | Medium | 7 |
Greater than 1.9 | Low | 14 |
Less than 1.9 | Information | 100 |
If these suggested resolution times don't fit into your workflow, modify the formula in the Issue Profile Template.
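To check a change to the thresholds before editing the Issue Profile Template, the formula's logic can be modeled outside the product. The following Python is an added example, not AppScan Enterprise code: it mirrors the nested IF chain shown above and counts overdue issues per application. The issue fields, sample values and the rule that a result above 0 means overdue are assumptions.

```python
from collections import Counter

# Severity lower bounds and day allowances, in the order the formula tests them.
THRESHOLDS = [(10, 3), (7.4, 5), (5, 7), (1.9, 14)]
DEFAULT_DAYS = 100  # final branch of the severity mapping
EXEMPT_STATUSES = {"noise", "passed", "fixed"}


def days_allowed(severity):
    """Mirror the nested IF(severity>...) chain; every comparison is strict."""
    for lower_bound, days in THRESHOLDS:
        if severity > lower_bound:
            return days
    return DEFAULT_DAYS


def overdue_value(issue):
    """Formula result: 0 for exempt issues, otherwise AGE minus days allowed."""
    if issue["classification"] == "scancoveragefindings":
        return 0
    if issue["status"] in EXEMPT_STATUSES:
        return 0
    return issue["age"] - days_allowed(issue["severity"])


def overdue_by_application(issues):
    """Count, per application, the issues whose result is above 0.
    Treating a positive result as overdue is an assumption of this example."""
    counts = Counter(i["app"] for i in issues if overdue_value(i) > 0)
    return dict(counts)


# Constructed sample issues, not AppScan output. The dictionary keys, the
# application names and the "new"/"open"/"issue" values are hypothetical.
SAMPLE_ISSUES = [
    {"app": "payments", "classification": "issue", "status": "new", "severity": 8.1, "age": 12},
    {"app": "payments", "classification": "issue", "status": "open", "severity": 10, "age": 4},
    {"app": "payments", "classification": "issue", "status": "fixed", "severity": 9.0, "age": 40},
    {"app": "intranet", "classification": "issue", "status": "open", "severity": 1.9, "age": 60},
    {"app": "intranet", "classification": "scancoveragefindings", "status": "open", "severity": 6, "age": 30},
    {"app": "intranet", "classification": "issue", "status": "open", "severity": 5.5, "age": 9},
]

if __name__ == "__main__":
    for issue in SAMPLE_ISSUES:
        print(issue["app"], issue["severity"], issue["status"], overdue_value(issue))
    print(overdue_by_application(SAMPLE_ISSUES))
```

Because the comparisons are strict, a severity of exactly 10 gets the 5-day allowance and a severity of exactly 1.9 gets the 100-day allowance.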
About this task
Procedure
- From the Portfolio view, sort the Overdue column in the application list in descending order, or add an Overdue=YES filter.
- Apply filters to fine-tune the list, such as Max Severity=High + Business Impact=Critical Impact.
- Select an application and group by Severity.
- Now you can select an issue number and get more details, such as when the issue was created. This date indicates by how many days the issue is overdue for being fixed.