{
"version": "v2026-01-22",
"effective_from": "2026-01-22T00:00:00Z",
"description": "EWS default weights - extracted from EvidenceWeights.Default",
"weights": {
"rch": 0.30,
"rts": 0.25,
"bkp": 0.15,
"xpl": 0.15,
"src": 0.10,
"mit": 0.10
},
"dimension_names": {
"rch": "Reachability",
"rts": "Runtime Signal",
"bkp": "Backport Evidence",
"xpl": "Exploit Likelihood",
"src": "Source Trust",
"mit": "Mitigation Effectiveness"
},
"subtractive_dimensions": ["mit"],
"guardrails": {
"speculative_cap": 45,
"not_affected_cap": 15,
"runtime_floor": 60
},
"buckets": {
"act_now_min": 90,
"schedule_next_min": 70,
"investigate_min": 40
},
"determinization_thresholds": {
"manual_review_entropy": 0.60,
"refresh_entropy": 0.40
},
"signal_weights_for_entropy": {
"vex": 0.25,
"reachability": 0.25,
"epss": 0.15,
"runtime": 0.15,
"backport": 0.10,
"sbom_lineage": 0.10
},
"notes": [
"RCH and RTS carry the highest weights because they provide the strongest risk signal",
"MIT is the only subtractive dimension (mitigations reduce risk)",
"Guardrails are applied after weighted sum calculation",
"Entropy thresholds align with Determinization config"
]
}