stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

devops folders consolidate

Browse Source
This commit is contained in:
master
2026-01-25 23:27:41 +02:00
parent 6e687b523a
commit a50bbb38ef
334 changed files with 35079 additions and 5569 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docs-archived/product/advisories/25-Jan-2026 - Linkset Correlation Algorithm Improvements.md Normal file
View File

@@ -0,0 +1,52 @@
# 25-Jan-2026 - Linkset Correlation Algorithm Improvements
> **Status**: Archived - translated to sprint tasks and documentation
> **Sprint**: `SPRINT_20260125_001_Concelier_linkset_correlation_v2.md`
> **Documentation**: `docs/modules/concelier/linkset-correlation-v2.md`
---
## Summary
Product advisory proposing improvements to Stella Ops' CVE linking/correlation algorithm. The advisory identified critical failure modes in the current `LinksetCorrelation` implementation and proposed a concrete upgrade path.
## Key Recommendations Applied
### Phase 1 (High Impact, Low Effort) - Implemented
1. Replace alias intersection with graph connectivity scoring
2. Replace PURL intersection with pairwise + coverage scoring
3. Fix reference conflict logic (zero overlap = neutral, not conflict)
4. Typed conflict severities with per-reason penalties
### Phase 2 (High Impact, Medium Effort) - Sprint Tasks Created
5. Patch lineage as top-tier correlation signal
6. Version compatibility scoring (Equivalent/Overlapping/Disjoint)
7. IDF weighting for package keys
### Phase 3 (Differentiating) - Documented for Future
8. Fellegi-Sunter probabilistic linkage model
9. TF-IDF text similarity with MinHash/LSH
10. Correlation clustering for cluster formation
## Artifacts Produced
- Sprint file: `docs/implplan/SPRINT_20260125_001_Concelier_linkset_correlation_v2.md`
- V2 Algorithm: `src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/LinksetCorrelationV2.cs`
- Model update: `AdvisoryLinksetConflict` extended with `Severity` property
- Documentation: `docs/modules/concelier/linkset-correlation-v2.md`
- Architecture update: `docs/modules/concelier/architecture.md` § 5.2
- Runbook update: `docs/modules/concelier/operations/conflict-resolution.md` § 5.1
## Original Advisory Content
You already have the right *architectural* posture (LNM, immutable observations, conflict-first traceability). "Best-in-class" for the linker now comes down to (1) eliminating a few structural failure modes in the current scoring logic, (2) moving from a **hand-weighted sum** to a **calibrated linkage model**, and (3) adding **high-discriminative signals** that most vulnerability linkers still underuse (patch lineage, semantic text similarity with deterministic fallbacks, and cluster-level graph optimization).
[Full advisory content preserved in conversation history]
---
## Archived
- **Date**: 2026-01-25
- **Archived by**: Product Manager role
- **Reason**: Translated to documentation + sprint tasks