stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5593212b414864ab213082c8945a267451b99901
git.stella-ops.org/docs/features/checked/riskengine/exploit-maturity-mapping.md

3.0 KiB
Raw Blame History

Exploit Maturity Mapping

Module

RiskEngine

Status

VERIFIED

Description

Dedicated exploit maturity mapping service consolidating EPSS, KEV, and in-the-wild signals into a unified maturity level taxonomy (Unknown, Theoretical, ProofOfConcept, Active, Weaponized). Previously described as partially implemented, the service has since been fully built.

Implementation Details

  • Exploit Maturity Service: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ExploitMaturityService.cs (227 lines) -- implements IExploitMaturityService. Consolidates: EPSS signals (>=0.80 = Weaponized, >=0.40 = Active, >=0.10 = ProofOfConcept, >=0.01 = Theoretical), KEV signals (KEV-listed = Weaponized with 0.95 confidence), in-the-wild signals (via IInTheWildSource). Max-level aggregation with weighted confidence averaging. Parallel signal fetching via Task.WhenAll. OpenTelemetry metrics. Deterministic with injected TimeProvider.
  • Exploit Maturity Interface: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/IExploitMaturityService.cs -- AssessMaturityAsync, GetMaturityLevelAsync, GetMaturityHistoryAsync methods.
  • Exploit Maturity Models: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Contracts/ExploitMaturityModels.cs (89 lines) -- ExploitMaturityLevel enum (Unknown, Theoretical, ProofOfConcept, Active, Weaponized), MaturityEvidenceSource enum (Epss, Kev, InTheWild, ExploitDb, ScannerTemplate, Override), MaturitySignal record, ExploitMaturityResult record, MaturityHistoryEntry record.
  • Exploit Maturity Endpoints: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs (134 lines) -- Minimal API: GET /exploit-maturity/{cveId} (full assessment), GET /exploit-maturity/{cveId}/level (just level), GET /exploit-maturity/{cveId}/history (maturity history), POST /exploit-maturity/batch (batch with deduplication).

E2E Test Plan

  • Verify no signals returns Unknown level
  • Verify EPSS-only mapping at various thresholds (Theoretical, ProofOfConcept, Active, Weaponized)
  • Verify KEV-only returns Weaponized with 0.95 confidence
  • Verify in-the-wild-only returns Active
  • Verify max-level aggregation when multiple signals present
  • Verify confidence averaging with all signals
  • Verify API endpoints (full assessment, level-only, history, batch)
  • Verify determinism: same inputs produce same outputs

Verification

  • Verified: 2026-02-10
  • Method: Tier 1 code review + Tier 2d test verification
  • Build: Passes (0 errors, 0 warnings for Core)
  • Tests: 23 tests across 2 test files (ExploitMaturityServiceTests: 14, ExploitMaturityApiTests: 9). All 55/55 module tests pass.
  • Note: GetMaturityHistoryAsync returns empty (requires persistence layer). Interface and model for lifecycle tracking exist but persistence is not yet implemented. The core maturity assessment service is fully functional.