git.stella-ops.org/docs/features/dropped/comparative-evidence-suppression-pattern-analysis.md

Comparative Evidence/Suppression Pattern Analysis

Module

Attestor

Status

PARTIALLY_IMPLEMENTED

Description

Evidence and suppression patterns are implemented in the scanning and VEX override subsystems. The advisory was primarily a research/comparison document; its findings appear to have influenced the VEX override and evidence panel designs rather than producing a standalone feature.

What's Implemented

  • VEX Override System: src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/ -- VexOverridePredicateBuilder, VexOverridePredicateParser, VexOverrideDecision, EvidenceReference -- provides structured suppression with evidence.
  • Audit Hash Logger: __Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs (with .Validation) -- audit logging for evidence and suppression actions.
  • Change Trace Attestation Service: ProofChain/ChangeTrace/ChangeTraceAttestationService.cs -- tracks changes including suppressions.
  • VEX Delta Tracking: Predicates/VexDeltaPredicate.cs, VexDeltaChange.cs, VexDeltaSummary.cs -- tracks VEX status transitions.

What's Missing

  • Cross-organization pattern analysis: No service that compares suppression patterns across tenants or organizations to detect anomalous suppression rates.
  • Suppression pattern dashboard: No UX component showing suppression trends, outliers, or comparative analysis against baselines.
  • Suppression quality scoring: No scoring model that evaluates the quality/legitimacy of suppressions based on evidence strength.
  • Anomaly detection: No automated detection of suspicious suppression patterns (e.g., bulk suppressions without evidence, suppressions of critical CVEs).

Implementation Plan

  • Design a suppression analytics service that aggregates suppression patterns
  • Implement cross-tenant comparison with configurable baselines
  • Add suppression quality scoring based on evidence reference count and type
  • Build anomaly detection rules for suspicious suppression patterns
  • Add dashboard UX components for suppression trend visualization
  • Add tests for pattern analysis, scoring, and anomaly detection
  • Source: See feature catalog
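
The scoring and anomaly rules listed in the plan above, as an added sketch that is not StellaOps code: evidence-based quality scoring, bulk suppressions without evidence, weakly evidenced critical-CVE suppressions, and a cross-tenant rate baseline. All record fields, evidence types, point values and thresholds are assumptions, and the sample records and CVE ids are constructed placeholders.

```python
from collections import Counter
from statistics import median

# Assumed evidence types and point values; not taken from the Attestor code base.
EVIDENCE_POINTS = {"reachability": 50, "vendor_statement": 30, "ticket": 15}

def quality_score(evidence):
    """0-100 score from evidence reference count and type (unknown types earn 5)."""
    return min(100, sum(EVIDENCE_POINTS.get(kind, 5) for kind in evidence))

def find_anomalies(suppressions, findings_per_tenant, bulk_min=3, min_score=50, rate_factor=2.0):
    """Return sorted (rule, subject) pairs for suspicious suppression patterns."""
    hits = set()
    # Rule 1: critical CVE suppressed with evidence scoring below min_score.
    for s in suppressions:
        if s["severity"] == "critical" and quality_score(s["evidence"]) < min_score:
            hits.add(("critical-weak-evidence", f'{s["tenant"]}/{s["cve"]}'))
    # Rule 2: one actor suppressing many findings with no evidence at all.
    bare = Counter((s["tenant"], s["actor"]) for s in suppressions if not s["evidence"])
    for (tenant, actor), n in bare.items():
        if n >= bulk_min:
            hits.add(("bulk-no-evidence", f"{tenant}/{actor}"))
    # Rule 3: tenant suppression rate far above the cross-tenant median baseline.
    counts = Counter(s["tenant"] for s in suppressions)
    rates = {t: counts[t] / total for t, total in findings_per_tenant.items() if total}
    baseline = median(rates.values()) if rates else 0
    for tenant, rate in rates.items():
        if baseline > 0 and rate > rate_factor * baseline:
            hits.add(("rate-above-baseline", tenant))
    return sorted(hits)

def _s(tenant, actor, cve, severity, *evidence):  # helper to build a sample record
    return {"tenant": tenant, "actor": actor, "cve": cve, "severity": severity, "evidence": list(evidence)}

# Constructed sample data; tenants, actors and CVE ids are placeholders.
SAMPLE = [
    _s("acme", "alice", "CVE-0000-0001", "high", "reachability", "vendor_statement"),
    _s("acme", "alice", "CVE-0000-0002", "critical", "reachability", "ticket"),
    _s("beta", "bob", "CVE-0000-0003", "medium", "ticket"),
    _s("gamma", "mallory", "CVE-0000-0004", "critical"),
    _s("gamma", "mallory", "CVE-0000-0005", "high"),
    _s("gamma", "mallory", "CVE-0000-0006", "medium"),
    _s("gamma", "carol", "CVE-0000-0007", "critical", "ticket"),
]
FINDINGS = {"acme": 40, "beta": 20, "gamma": 10}  # total findings per tenant (constructed)

if __name__ == "__main__":
    for rule, subject in find_anomalies(SAMPLE, FINDINGS):
        print(rule, subject)
```

The median is used as the baseline so that a single outlier tenant does not pull the comparison point toward its own rate.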