KPI 1: CII Badging (Tony)
CII security requirements
- Assurance requirements: 50% of the projects have "Met" one additional requirement
- Application quality security requirements at the silver level: fewer than 10% of the projects not answering
CII non-security requirements with canned responses: 100% "Met" response
- Note: All projects need to upgrade response to Passing (Vulnerability Report Private) to "Met"
KPI 2: Closed OJSI tickets (Krzysztof)
- 80% of OJSI tickets closed
- fewer than 5 HTTP interfaces
KPI 3: Known Vulnerabilities in Third Party Packages (Amy)
- 75% of direct dependencies upgraded to latest version
KPI 5: Code coverage tests (Pawel, Amy)
- all projects achieve 55% code coverage for the Frankfurt release and 60% for the Guilin release