Monitoring overdue issues
Security analysts can see the number of applications that have overdue issues so that they can quickly determine which issues or applications are out of compliance. AppScan Enterprise v9.0.3 includes an Overdue formula that can be modified or used as an example for creating complex formulas. If your organization must comply with the Payment Card Industry standard, you can add that to the formula. Alternatively, you can modify the formula so that a high-severity issue that is still marked New after 10 days is automatically overdue.
Before you begin
IF(classification=scancoveragefindings,0,IF(status=noise,0,IF(status=passed,0,IF(status=fixed,0,AGE()-IF(severity>8.9, 3, IF(severity>6.9, 5, IF(severity>3.9, 7, IF(severity>0, 14, 100))))))))
Severity range | Value | Number of days overdue |
---|---|---|
Greater than 9.0 | Critical | 3 |
Greater than 7.0 | High | 5 |
Greater than 4.0 | Medium | 7 |
Greater than 0.1 | Low | 14 |
Less than 0.1 | Information | 100 |
If these suggested resolution times don't fit into your workflow, modify the formula in the Issue Profile Template.
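The formula above, modeled in Python so that a modified set of thresholds can be checked against sample issues before the Issue Profile Template is changed. This is an added example, not AppScan Enterprise code: the field names, the sample issues, the reading of AGE() as days since creation, and the rule that a result above 0 means overdue are assumptions.

```python
from datetime import date

EXEMPT_STATUSES = {"noise", "passed", "fixed"}          # formula returns 0 for these
ALLOWED_DAYS = [(8.9, 3), (6.9, 5), (3.9, 7), (0, 14)]  # (severity above, days allowed)

def allowed_days(severity):
    """Resolution window for a severity score, in the order of the nested IFs."""
    for threshold, days in ALLOWED_DAYS:
        if severity > threshold:
            return days
    return 100  # innermost else branch: severity of 0

def overdue_score(issue, today):
    """0 for exempt issues, otherwise AGE() minus the resolution window."""
    if issue["classification"] == "scancoveragefindings":
        return 0
    if issue["status"] in EXEMPT_STATUSES:
        return 0
    # Assumption: AGE() is the number of days since the issue was created.
    return (today - issue["created"]).days - allowed_days(issue["severity"])

def overdue_by_application(issues, today):
    """Group issues whose score is above 0 (assumed to mean overdue) by application."""
    overdue = {}
    for issue in issues:
        score = overdue_score(issue, today)
        if score > 0:
            overdue.setdefault(issue["application"], []).append((issue["id"], score))
    return overdue

# Constructed sample data; "other" is a placeholder classification value.
TODAY = date(2024, 3, 15)
FIELDS = ("id", "application", "classification", "status", "severity", "created")
SAMPLE_ISSUES = [dict(zip(FIELDS, row)) for row in [
    (1, "payments", "other", "new", 9.8, date(2024, 3, 5)),    # 10 days old, 3 allowed
    (2, "payments", "other", "new", 5.0, date(2024, 3, 10)),   # 5 days old, 7 allowed
    (3, "intranet", "other", "fixed", 7.5, date(2024, 1, 1)),  # exempt by status
    (4, "intranet", "other", "new", 2.0, date(2024, 2, 20)),   # 24 days old, 14 allowed
    (5, "portal", "scancoveragefindings", "new", 9.0, date(2024, 1, 1)),  # exempt
]]

if __name__ == "__main__":
    for app, found in overdue_by_application(SAMPLE_ISSUES, TODAY).items():
        print(app, found)
```

To try different resolution times, edit `ALLOWED_DAYS` and rerun against the same sample issues; a severity of exactly 8.9 falls in the 5-day window because the formula uses a strict greater-than comparison.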
About this task
Procedure
- From the Portfolio view, sort the Overdue column in the application list in descending order, or add an Overdue=YES filter.
- Apply filters to fine-tune the list, such as Max Severity=High + Business Impact=Critical Impact.
- Select an application and group by Severity.
- Now you can select an issue number and get more details, such as when the issue was created. This date indicates by how many days the issue is overdue for being fixed.