Thursday, 6 December 2012

Feedback on TeamMentor webcast (with Ideas to make TeamMentor better)

Danny Harris saw the 'Streamline the Fix' webcast, liked what he saw, and sent us great feedback.

Here is what he sent (unedited by me):


--------------------------------

1. 


2.     Indicate which articles have been read by changing the colour of the URL.

3.     For each user, have a History page showing which articles have been read in reverse chronological order.

4.     Allow users to create a list of favourite pages like you can do with browsers:  drag the icon to a favourites bar

5.     Create a “How to use TeamMentor” cheat sheet (1-2 pages) that shows key functionality for developers, QA people, Policy people, security people (maybe do a “how to” use for each major type of user).

6.     Show a use case for organizations to have a list of their top N bugs or vulnerabilities:
a.     http://bsimm.com/online/ssdl/cr/?s=cr1.1#cr1.1  Create a top N bugs list (real data preferred). The SSG maintains a list of the most important kinds of bugs that need to be eliminated from the organization’s code. The list helps focus the organization’s attention on the bugs that matter most. A generic list could be culled from public sources, but a list is much more valuable if it is specific to the organization and built from real data gathered from code review, testing, and actual incidents. The SSG can periodically update the list and publish a “most wanted” report. (For another way to use the list, see [T1.6] Create and use material specific to company history.) Some firms use multiple tools and real code base data to build top N lists, not constraining themselves to a particular service or tool. One potential pitfall with a top N list is the problem of “looking for your keys only under the street light.” For example, the OWASP Top Ten list rarely reflects an organization’s bug priorities. Simply sorting the day’s bug data by number of occurrences does not produce a satisfactory Top N list since these data change so often.

7.     For companies that have purchased other SecurityInnovation training, include prominent links in the body of the documents on various online training options.   I think this part of the tool has not been adequately leveraged.  Many times people don’t want to read about X, they would rather see and hear about it.  This also makes the concepts stick in the mind of the person.  So point them to your online training!

8.     From a usability perspective, there needs to be a much easier way to copy a link back into an email.  I also think you might want to have some email templates created to allow a QA person or developer to fill in the details and send it off to the appropriate parties.  So in order to get a link embedded into an email, the user has to find the article, click the link, highlight the link, copy it, and then paste it into an email.  Too much work.  Make it easier.