1823708 – [Beta][Regression] CVE instead Insights missing any user guidance on package and remediation through errata

Bug 1823708 - [Beta][Regression] CVE instead Insights missing any user guidance on package and remediation through errata

Summary: [Beta][Regression] CVE instead Insights missing any user guidance on package ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Hybrid Cloud Console (console.redhat.com)
Classification:	Red Hat
Component:	Vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Tomas Lestach
QA Contact:	Martin Kourim
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1122832
TreeView+	depends on / blocked

Reported:	2020-04-14 10:24 UTC by Peter Vreman
Modified:	2020-04-25 15:18 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-25 15:18:50 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Peter Vreman 2020-04-14 10:24:08 UTC

Description of problem:
In Insights the CVE rules provided information to the user which packages were affected and how to redemiate this.

In the Beta (and on 20.Apr in Production) the package information and redemitaion is not available anymore. Instead the user is presented with teh CVE view that is just a list of IDs without information. The user has to clikc on each CVE to get into the details.

This is a huge step back for me as active Insights user. The CVE part is to much of a database and not an end-user focussed tool.


Please think about add the following to the CVE part to make it as user friendly as the previous CVEs in Insights:
- Per CVE in the list of affected systems include resolution information, the RedHat errata number (you know the server OS and if a correctsponding errata is ) that has to be applied
- In the CVE include a summary of the Title instead of just not-user understable 
friendly list of IDs
- In the CVE list include the affected Packages


For me these changes are a key to make the CVE information directly consumable from the UI without having to click on every CVE to go the online redhat-cve-db

Some parts might overlap with in older BZs i created last year, but it is now getting real-world that i must use CVE instead of the user friendly Insigts.

I am open to discuss my findings in usability in a conf call.

Comment 1 Mohit Goyal 2020-04-14 14:44:54 UTC

Peter, I will send you a note offline to see if we can connect on this.

Comment 3 Mohit Goyal 2020-04-15 14:41:32 UTC

Peter and I spoke today. There is a change that is coming, that I also demo-ed to Peter, that will address this issue.

Comment 4 Mohit Goyal 2020-04-15 14:43:38 UTC

Ignore last comment. Got things mixed up. Peter and I held a call and I demo-ed the functionality to him. While a slightly different experience, the main concern Peter had I think is addressed via the additional context that I shared. Peter is going to test drive this functionality further and I have committed to him that we can connect again as needed.

At this point, I don't see any material change here for this issue for the product.

Comment 5 Mohit Goyal 2020-04-25 15:18:50 UTC

Peter, hopefully you've had a chance to try out the functionality within Vulnerability since we last spoke and reviewed this issue. While the workflow is certainly different than users are accustomed to with some of the CVEs movings from Advisor to Vulnerability, I don't see this as a regression.

I'm going to close this out for the time being but do let us know if you have any further questions. Happy to engage as needed.

Note You need to log in before you can comment on or make changes to this bug.