Page MenuHomePhabricator

Re-evaluate the weighting of the various risk factors
Closed, ResolvedPublic


Currently, the python cli uses an ad-hoc, slightly non-standard means of calculating risk scores (see example). It would be good to evaluate each risk factor's scoring mechanism and attempt to standardize upon them in the following ways:

  1. Use a standard 10 or 20 (or whatever makes sense) point scale for every factor.
  2. Potentially use standard divisions of the aforementioned standardized scale (e.g. 0-5 is good, 6-10 is ok, 10+ is bad)
  3. Potentially provide a convenient way to further customize the weight of a risk factor for calculating the overall risk score (stretch goal)


TitleReferenceAuthorSource BranchDest Branch
Standardize score scalingrepos/security/wikimedia-code-health-check!23sgueboT348782/standardize-risk-scalemain
Customize query in GitLab

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

@sbassett I proposed some changes in a new PR. I've seen some linting issues but I'll look into it a bit later. For now, I'd be curious to know whether I am going in the right direction. So let me know when you get the chance to look at the code.

sguebo_WMF changed the task status from Open to In Progress.Nov 12 2023, 3:00 AM
sguebo_WMF triaged this task as Medium priority.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from In Progress to Completed on the production-risk-assessment board.
sbassett removed a project: Patch-For-Review.