Recommendations in Aggregate Report are too general

[madelondohmen]

Follow up of ticket #3837

Describe the bug
Some issues have been found in the reports that are a bit confusing.

• Aggregate report, Chapter 1 - Recommendations (screenshot 1)
  • The recommendations are too general ("this port")
• Aggregate report, Vulnerabilities (screenshot 2)
  • Too general ("a database port")

To Reproduce
Steps to reproduce the behavior:

1. Create an Aggregate Report
2. Select a lot of objects
3. Select all report types

Screenshots
Screenshot 1:

Screenshot 2:

OpenKAT version
main

[madelondohmen]

Outcome of discussion meeting 26-11-2024:

Idea 1: Make the recommendations more general
Idea 2: Make the recommendations clickable
Idea 3: Change the section: do we want to show issues or recommendations?

We have to reconsider the design of the top part of the Aggregate Report.

[RomijnHumanoids]

Let's discuss this with stakeholders in the next UX session December 4.

• What should be in the management summary of a report? How can we improve our 'recommendations' section.
  • How to aggregate and how much detail per recommendation/finding.

[RomijnHumanoids]

This is discussed in stakeholder session on December 4. A small design will follow (#3938) with the proposed improvements: show risks and sort recommendations based on this (risk levels are connected to finding types), and link to the findings further in report while keeping the recommendations generic and not mention specific objects/findings.

I think we missed forming (or making notes of) a solution for the problem in the second screenshot in this ticket when discussing it within the openKAT team on 26/11/2024.

[madelondohmen]

Outcome of discussion meet 10-12-2024:

The second screenshot might already be fixed. We have to go through the report to check if this part is fixed.
@RomijnHumanoids @madelondohmen and @stephanie0x00 will check this.