agentsqripts
Version:
Comprehensive static code analysis toolkit for identifying technical debt, security vulnerabilities, performance issues, and code quality problems
43 lines (40 loc) • 1.89 kB
JavaScript
/**
* @file Security vulnerability remediation effort estimator for resource planning
* @description Single responsibility: Provide realistic effort estimates for vulnerability remediation planning
*
* This estimator provides time-based effort assessments for security vulnerability remediation
* to enable effective project planning and resource allocation. It implements severity-based
* estimation that considers both technical complexity and business impact to provide
* realistic timeline expectations for security teams and project managers.
*
* Design rationale:
* - Severity-based estimation correlates vulnerability impact with remediation complexity
* - Time-based estimates enable realistic project planning and sprint allocation
* - Conservative estimation approach prevents under-resourcing security initiatives
* - Standardized effort categories enable consistent planning across different projects
* - Practical hour estimates support budget planning and team capacity management
*
* Estimation methodology:
* - Critical vulnerabilities: 4-8 hours reflecting complexity of secure implementation
* - High severity: 2-4 hours for focused remediation with testing verification
* - Medium severity: 1-2 hours for straightforward fixes with basic validation
* - Low severity: Under 1 hour for simple configuration or documentation updates
* - Unknown severity: Conservative estimate to prevent under-planning resource needs
*/
/**
* Estimates effort required to fix vulnerability
* @param {string} severity - Vulnerability severity
* @returns {string} Effort estimate
*/
function getEffortEstimate(severity) {
const estimates = {
CRITICAL: 'High (4-8 hours)',
HIGH: 'Medium (2-4 hours)',
MEDIUM: 'Low (1-2 hours)',
LOW: 'Minimal (< 1 hour)'
};
return estimates[severity] || 'Unknown';
}
module.exports = {
getEffortEstimate
};