Using Machine Learning with Project Findings

We use the terms Actionable and Non-Actionable to denote findings that are “real” issues and “not-real” issues, respectively. A finding is said to be Actionable if it was actively triaged as Fixed, To Be Fixed, Mitigated, or Assigned, if it has a status of Gone, or if it has an issue tracker association. A finding is said to be Non-Actionable if it was actively triaged as False Positive or Ignored.

In order for Software Risk Manager to make predictions for findings, users will need to train a prediction model. Training a prediction model will collect all relevant data for findings that have been actively triaged and use that data to learn from users' past triaging decisions. See Machine Learning Control Panel for more information about how to train a prediction model.

When Software Risk Manager is making a prediction for a finding, we mean that Software Risk Manager is determining a Predicted Status for it. A Predicted Status for a finding is its Actionability. If Software Risk Manager predicts that a finding is Actionable, then we say that its Predicted Status is To Be Fixed, since Software Risk Manager thinks it's a real issue. If Software Risk Manager predicts that a finding is Non-Actionable, then we say that its Predicted Status is False Positive, since Software Risk Manager does not think it's a real issue. Every prediction that Software Risk Manager makes has a Prediction Confidence. A Prediction Confidence for a Predicted Status represents how certain Software Risk Manager is of its Predicted Status relative to the one it did not predict. Note that this is a prediction of a finding's Actionability. That being said, Software Risk Manager's prediction may not be correct.

Software Risk Manager will only attempt to make predictions for findings if a prediction model has been trained. See Machine Learning Control Panel for more information about how to train a prediction model.

Software Risk Manager will makes predictions for findings during the following situations:

• During an analysis
• After a manual result has been created
• After a prediction model has been (re)trained

In these situations, all predictions are being made automatically. During the first and third situations, predictions are automatically made for every finding in Software Risk Manager. During the second situation, a prediction is only made for the single manually created result. Since predictions are made automatically, a user may note that predictions for findings might differ between reviewing sessions.

Every value in this column consists of a Predicted Status and a Prediction Confidence.