Page MenuHomePhabricator
Create Task
Maniphest T348782

Re-evaluate the weighting of the various risk factors
Closed, ResolvedPublic
Actions

Description

Currently, the python cli uses an ad-hoc, slightly non-standard means of calculating risk scores (see example). It would be good to evaluate each risk factor's scoring mechanism and attempt to standardize upon them in the following ways:

  1. Use a standard 10 or 20 (or whatever makes sense) point scale for every factor.
  2. Potentially use standard divisions of the aforementioned standardized scale (e.g. 0-5 is good, 6-10 is ok, 10+ is bad)
  3. Potentially provide a convenient way to further customize the weight of a risk factor for calculating the overall risk score (stretch goal)

Details

TitleReferenceAuthorSource BranchDest Branch
Standardize score scalingrepos/security/wikimedia-code-health-check!23sgueboT348782/standardize-risk-scalemain
Customize query in GitLab

Related Objects
Search...

Event Timeline

sbassett created this task.Oct 12 2023, 4:48 PM
Restricted Application added a project: Security-Team. · View Herald TranscriptOct 12 2023, 4:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
sbassett moved this task from Incoming to In Progress on the Security-Team board.Oct 16 2023, 4:14 PM
sbassett moved this task from Backlog to In Progress on the production-risk-assessment board.
sbassett assigned this task to sguebo_WMF.Oct 24 2023, 3:00 PM
CodeReviewBot added a project: Patch-For-Review.Nov 12 2023, 2:51 AM

sguebo opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/23

Standardize score scaling

sguebo_WMF added a comment.Nov 12 2023, 3:00 AM

@sbassett I proposed some changes in a new PR. I've seen some linting issues but I'll look into it a bit later. For now, I'd be curious to know whether I am going in the right direction. So let me know when you get the chance to look at the code.

sguebo_WMF changed the task status from Open to In Progress.Nov 12 2023, 3:00 AM
sguebo_WMF triaged this task as Medium priority.
CodeReviewBot added a comment.Dec 14 2023, 5:31 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/23

Standardize score scaling

sbassett closed this task as Resolved.Dec 14 2023, 5:33 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from In Progress to Completed on the production-risk-assessment board.
sbassett removed a project: Patch-For-Review.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits