Description of problem: In Insights the CVE rules provided information to the user which packages were affected and how to redemiate this. In the Beta (and on 20.Apr in Production) the package information and redemitaion is not available anymore. Instead the user is presented with teh CVE view that is just a list of IDs without information. The user has to clikc on each CVE to get into the details. This is a huge step back for me as active Insights user. The CVE part is to much of a database and not an end-user focussed tool. Please think about add the following to the CVE part to make it as user friendly as the previous CVEs in Insights: - Per CVE in the list of affected systems include resolution information, the RedHat errata number (you know the server OS and if a correctsponding errata is ) that has to be applied - In the CVE include a summary of the Title instead of just not-user understable friendly list of IDs - In the CVE list include the affected Packages For me these changes are a key to make the CVE information directly consumable from the UI without having to click on every CVE to go the online redhat-cve-db Some parts might overlap with in older BZs i created last year, but it is now getting real-world that i must use CVE instead of the user friendly Insigts. I am open to discuss my findings in usability in a conf call.
Peter, I will send you a note offline to see if we can connect on this.
Peter and I spoke today. There is a change that is coming, that I also demo-ed to Peter, that will address this issue.
Ignore last comment. Got things mixed up. Peter and I held a call and I demo-ed the functionality to him. While a slightly different experience, the main concern Peter had I think is addressed via the additional context that I shared. Peter is going to test drive this functionality further and I have committed to him that we can connect again as needed. At this point, I don't see any material change here for this issue for the product.
Peter, hopefully you've had a chance to try out the functionality within Vulnerability since we last spoke and reviewed this issue. While the workflow is certainly different than users are accustomed to with some of the CVEs movings from Advisor to Vulnerability, I don't see this as a regression. I'm going to close this out for the time being but do let us know if you have any further questions. Happy to engage as needed.