KPI 1: CII Badging (Tony)
CII security requirements
- Assurance case requirement: 50% of the projects have "Met" that requirement
- Each project needs to produce documentation to satisfy this requirement and link to it from the CII badge page (wiki, readthedocs)
- Application quality security requirements at the silver level: fewer than 10% of the projects not answering
CII non-security requirements with canned responses: 100% "Met" response
- Note: All projects need to upgrade their response to the Passing criterion (Vulnerability Report Private) to "Met"
KPI 2: Closed OJSI tickets (Krzysztof)
- 80% of OJSI tickets closed
- fewer than 5 HTTP interfaces
KPI 3: Known Vulnerabilities in Third Party Packages (Amy)
- 75% of direct dependencies upgraded to latest version
KPI 5: Code coverage tests (Pawel, Amy)
- all projects achieve 55% code coverage for the Frankfurt release and 60% for the Guilin release
or alternatively
- each project provides a firm proposal to improve code coverage % within the Frankfurt release life-cycle.