Closed treburn closed 1 week ago
@treburn -- It seems like "Accepted" has two common semantic:
Is this how you see the semantic too?
I don't think we should close a risk just because they "accept" it as a risk. It should either be closed or open. The label itself can just say "Accepted Risk" if we want and we will treat it as an open risk but report on it differently for their team.
@treburn we went a few cycles on this topic and reoriented our statuses. can you re-review and let me know if you think we should adjust.
Good to close this out, thanks!
Change "Closed - Accepted" to "Open - Accepted" Change "Closed - Rejected" to just "Rejected" (Closed is generally for only after we open a risk and they've fixed it. We go from triage to Rejected if the risk is a false positive. This will also pave the way for substates of Rejected for our ML team) Hide "Rejected" from the UI after rejection.
Let me know if there's any confusion or discussion to be had around this topic.