I would shoot for the ability to disposition large *.fpr/*.fvdl files.
Here is a typical workflow:
1. Scan is run code base generating an *.fpr file2. Code Reviews receive the file but because it is too large it cannot be opened by Fortify's tool.3. Code reviewer uses O2 to open file and disposition or suppress issues by Category (XSS, SQL Injection, Path Tampering, etc.)4. Code Reviewer then saves dispositions to *.fpr file.5. The *.fpr is saved and on subsequent scan of the same application. The new.fpr file is merged with the old.fpr file.6. The code reviewer works on the merged.fpr to disposition items.7. Wash, rinse, repeat.
The data needs to be stored in the *.fpr file because most code assessment processes relies on merging the old fpr with the new *.fpr/*.fvdl on subsequent rereviews.
Next step(s) is to write a script(s) to implement this workflow, and try to figure the best GUIs to enable it.
