Technical Discovery - Vulnerability report grouping
Vulnerability report grouping (&10164) is a large and complex project. UX is finalizing designs and conducting user research 16.3 and 16.4. During that time we will conduct a Technical Discovery.
The result of this technical discovery should be:
- Updating the epic to ensure it remains the SSOT for the overall plan and resources.
- Creation of additional discovery/spike issues
- Creation of implementation issues
Open questions
Identify scope that is not currently supported
Scope not captured within the designs
Design gaps (eg. "what happens when you do X?")
UI code gaps (eg. "does our table component support X?")
Data gaps (eg. "does our data format support what is displayed in the UI?")
- Group by OWASP Top 10 - #419092 (closed)
- Group by CWE Top 25 - #422179
- Group by pipeline - May not be required, wait for final UX design. See #419568 (comment 1515228803)
External teams we should engage (DB, infra, etc)
Risks
Identify if we should build a POC first
Identify MVC
Identify scope of first two milestones
Determine which work can be parallelized and which will be blocking (backend/backend, frontend/backend, etc).
Edited by Bala Kumar