What are application managers’ expectations of a code security scanner results dashboard?
We wanted to learn:
Which KPIs are most useful for application managers in decision-making related to vulnerability findings?
Which code scanning tools are currently used by our developers?
How do they currently handle and manage vulnerability-related issues identified during code scanning?
Are there any specific challenges the developers face in dealing with vulnerabilities found by code scanning tools?
Our assumptions:
Application managers are interested in application summaries.
Application managers want to know what vulnerabilities are present in their project and how to prioritize them.
We drafted the initial version of application analytics on the assumption that gathering feedback based on Version 1.0 would be more beneficial for a new feature rollout than directly soliciting preferences.