Closed andymeneely closed 8 years ago
Let's make sure we agree on what bug labels count as defects first. I think we agreed on that but let's make sure.
Felivel and I decided that we're determining if a piece of source code is vulnerable or not.
In release_filepath, we need:
num_pre_bugs: is the number of bugs that were fixed on this file two years prior to this release
num_post_bugs: is the number of bugs that were fixed on this file two years after release.
num_pre_vulnerabilities: same idea
num_post_vulnerabilities: same idea
was_vulnerable: is a boolean value that says this file was fixed for a vulnerability in the past two years
becomes_vulnerable: is a boolean value that says this file was fixed for a vulnerability in the next two years.
For now, keep the other metrics until we update our hypothesis tests.
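The six columns above, computed for one file and one release, as an added example that is not part of the original issue or the project's code. The names `Fix`, `release_filepath_metrics` and `WINDOW_DAYS`, the 730-day window, the treatment of a fix dated on the release day as "post", and counting a vulnerability fix as a bug are all assumptions; the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import date

WINDOW_DAYS = 730  # assumption: "two years" taken as 730 days


@dataclass(frozen=True)
class Fix:
    filepath: str
    fixed_on: date
    is_vulnerability: bool  # assumption: derived from the bug's labels upstream


def release_filepath_metrics(fixes, filepath, release_date):
    """Return the six release_filepath columns for one file and one release."""
    row = {"num_pre_bugs": 0, "num_post_bugs": 0,
           "num_pre_vulnerabilities": 0, "num_post_vulnerabilities": 0}
    for fix in fixes:
        if fix.filepath != filepath:
            continue
        delta = (fix.fixed_on - release_date).days
        if -WINDOW_DAYS <= delta < 0:
            side = "pre"    # fixed in the two years before the release
        elif 0 <= delta <= WINDOW_DAYS:
            side = "post"   # assumption: the release day itself counts as post
        else:
            continue        # outside both windows, ignored
        row[f"num_{side}_bugs"] += 1  # assumption: a vulnerability is also a bug
        if fix.is_vulnerability:
            row[f"num_{side}_vulnerabilities"] += 1
    row["was_vulnerable"] = row["num_pre_vulnerabilities"] > 0
    row["becomes_vulnerable"] = row["num_post_vulnerabilities"] > 0
    return row


# Constructed sample data: one release and a handful of fixes on two files.
RELEASE = date(2012, 1, 1)
SAMPLE_FIXES = [
    Fix("a.cc", date(2011, 6, 1), False),  # pre-release bug
    Fix("a.cc", date(2010, 3, 1), True),   # pre-release vulnerability
    Fix("a.cc", date(2009, 1, 1), True),   # older than two years, ignored
    Fix("a.cc", date(2013, 5, 1), False),  # post-release bug
    Fix("a.cc", date(2014, 6, 1), True),   # later than two years, ignored
    Fix("b.cc", date(2012, 1, 1), True),   # fixed on release day
]

if __name__ == "__main__":
    for path in ("a.cc", "b.cc"):
        print(path, release_filepath_metrics(SAMPLE_FIXES, path, RELEASE))
```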