Page MenuHomePhabricator
Create Task
Maniphest T352563

Add some type of percentage indicator for new, high-level categories within risk assessment matrix
Closed, ResolvedPublic
Actions

Description

Building off the work from T348781, @acooper would like some method of indicating the amount or percent a high-level category within the risk assessment matrix Google sheet is influencing the overall risk score. To quote:

In T348781#9370858, @acooper wrote:

It would be really nice as an extension to this, when we show that an extension has a high risk score, to give more of a sense of which of these four high level categories is most contributing to that, maybe by combining the scores for those categories and then giving it a low/medium/high risk colouring based on some threshold for that category.

I think there are a few ways of going about doing this. I'd personally probably prefer to color-code each individual health check metric for a row within the Google sheet. This could likely be done via a simple Google Sheet formula, would not require large alterations of the sheet, would not require us to embed additional code into the health check cli and would provide for a nice visual, almost heat-map style of feedback.

Related Objects
Search...

Event Timeline

sbassett created this task.Dec 1 2023, 6:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 1 2023, 6:11 PM
sbassett mentioned this in T348781: Add higher-level organizational header names to the risk matrix Google sheets.Dec 1 2023, 6:12 PM
sguebo_WMF added a comment.Dec 1 2023, 7:34 PM

The color-coding approach using Gsheet formulas seems reasonable and fairly straightforward to implement. The current table format is suited for color-coding each individual health check metric row based on its score. However, if we need to include the high-level headings to the table, I'd need to think of a good way to feature both the individual row color-code and the high-level heading color-code while avoiding visual confusion or cluttering. I'll give it some thought and try something.

sguebo_WMF changed the task status from Open to In Progress.Dec 1 2023, 7:34 PM
sguebo_WMF triaged this task as Medium priority.
sguebo_WMF added a comment.Dec 8 2023, 6:12 AM

I was able to include the high-level category and presented the relevant data in a heatmap-like fashion. Although I did not include any percentage to avoid visual cluttering, I think the heatmap colors convey a sense of where exactly the most concerning areas. Kindly take a look at the WIP_Matrix sheet and let me know what your thoughts are.

sbassett added a comment.EditedDec 8 2023, 6:02 PM
In T352563#9392449, @sguebo_WMF wrote:

I was able to include the high-level category and presented the relevant data in a heatmap-like fashion. Although I did not include any percentage to avoid visual cluttering, I think the heatmap colors convey a sense of where exactly the most concerning areas. Kindly take a look at the WIP_Matrix sheet and let me know what your thoughts are.

Looks good to me! Would be good to hear @acooper's thoughts as well. One suggestion I might make is to change Overall Score to Overall Health, so that it's clearer that a high score there is better.

samuelguebo moved this task from Backlog to In Progress on the production-risk-assessment board.Dec 14 2023, 6:03 PM
sbassett closed this task as Resolved.Jan 18 2024, 4:24 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.

@acooper and others reviewed the WIP_Matrix sheet and decided it looks good for now and should be used for our next run of the prod risk assessment tool, likely this quarter.

sbassett moved this task from In Progress to Completed on the production-risk-assessment board.Jan 18 2024, 4:24 PM
sbassett mentioned this in T362348: Add -c flag to cli_runner and reorganize data_management columns.Thu, Apr 11, 4:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL