Findings: Listing Page
Small Changes, Big Wins
How design for the Finding Listing page grew over multiple iterations to further provide value for users
Findings' Listing UI: Post-release
Summary
The platform aims to be 'insight-driven'—delivering value by helping organizations clearly understand their security posture, rather than leaving users to interpret large volumes of data on their own.
Challenge
How might we improve the use of space on the findings' listing page to provide context and value to the user?
Research
User Interviews
Visual Design
UX Design
Usability Testing
Team
1 Stakeholder (CEO), 1 Product Designer (Me), 1 Frontend Dev, 1 Backend Dev
My Role
I was responsible for collaborating directly with stakeholder (functioning as PM) to derive a design solution, as well as drive collaboration between design and engineering to ensure the success of this feature.
01
Initial Improvement
Before
Findings: Listing v2.0 provided an initial upgrade to the listings page.
At the MVP stage, the listings page provided its rudimentary function—a register of all findings created for the organization. As the platform matured, we wanted to further enhance the value that the listings page could provide to organizations.
Findings: Listing v1.0
Findings: Listing v2.0
In the second iteration of the listing page (i.e. Listing v2.0), the following improvements were made:
Improvement 1
Providing quick actions to filter findings by
With the necessary user research accomplished, I learnt the important use cases that needed to be available to users as quick-action filters were 'Recently Closed Findings', the 'Oldest Vulnerabilities' and 'Unassigned Vulnerabilities' in their organization.
Recently Closed Findings
Tracking recently closed findings verifies effective remediation and prevents recurrence. Following remediation, these findings are often accessed for various reasons.
Oldest Vulnerabilities
Identifying the oldest vulnerabilities highlights persistent risks that may indicate stalled remediation efforts or overlooked critical assets.
Unassigned Vulnerabilities
Similarly, unassigned findings may sometimes slip through the gaps of remediation efforts, risking prolonged exposure while no one takes responsibility.
Making these quick filters accessible to users ensures that all findings are accounted for, preventing the likelihood for breaches to occur due to lapses in judgement.
Improvement 2
Providing key summaries of important finding-related information
Adding a graph denoting the trends of vulnerabilities found provides a quick insight to the organization's security posture. Additionally, having a breakdown of the organization's findings by severity (i.e. Critical, High, Medium, Low, Informational) is essential as it is a direct translation of technical data into business risk and remediation priority.
This essentially drives risk-based prioritization, which is the core foundation of threat remediation. Every finding created is a task needed to be looked into, but with severity prioritization and quick filtering, engineers can allocate limited time and resources to focus efforts on findings that pose the highest immediate risk of exploitation to their attack surface.
02
The Solution
Development
More metrics and parameters were added to findings—further supplementing users with various avenues to dissect finding data.
As the platform's capabilities matured, we were able to include more data attributes into finding entries, further providing users with more information about specific vulnerabilities.
As a result, UI real estate became increasingly precious—we needed to deliver more data in the same (or less) space. Hence, we prioritized efficient layouts to convey key information effectively.
Findings: Listing v2.0—'Recently Closed' quick filter used
In Listings v2.0, space usage in design proved highly inefficient: metrics and quick filters consumed half the page, pushing the core of the UI—the listing table—to the bottom half. Over time, as we added more metrics, the need for better space efficiency became clear.
After
Introduction of vulnerability impact tagging to findings presented a timely opportunity for a redesign of the listing page's insights section.
Findings: Listing v2.0—'Recently Closed' quick filter used
Improvement 1
Reshuffled and readjusted layout to cater for more value in less space
To maximize space efficiency, the insights section now delivers more data and impactful insights in less space—providing greater value without overwhelming the page.
Improvement 2
Findings had vulnerability impact tags added to their attributes
With the new impact tagging attribute, users gain clearer context on how vulnerabilities affect them and potential attack vectors targeting their attack surface. In the insights section, these tags also serve as quick-action filters, enabling faster access to specific findings—potentially reducing the Mean Time to Remediate (MTTR).
03
Considerations
Covering Bases
Early and frequent collaboration with cross-functional teams is essential to the feature's success.
Earlier Iteration of the Findings: Listing v2.0 Insights Section
Close-to Final Iteration of the Findings: Listing v2.0 Insights Section
Ensuring Feasibility - For instance, the insights section was intended to display finding counts by their respective impact tag, sorted in an ascending order. Discussions with engineering revealed this query would load too slowly, harming page performance and user experience.