stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
7b7cf07060702f0171e91161c32d9384516185e7
git.stella-ops.org/docs/features/checked/riskengine/exploit-maturity-mapping.md
master cf5b72974f save checkpoint
2026-02-11 01:32:14 +02:00

7.8 KiB
Raw Blame History

Exploit Maturity Mapping

Module

RiskEngine

Status

VERIFIED

Description

Dedicated exploit maturity mapping service consolidating EPSS, KEV, and in-the-wild signals into a unified maturity level taxonomy (Unknown, Theoretical, ProofOfConcept, Active, Weaponized). Previously described as partially implemented, the service has since been fully built.

Implementation Details

  • Exploit Maturity Service: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ExploitMaturityService.cs (227 lines) -- implements IExploitMaturityService. Consolidates: EPSS signals (>=0.80 = Weaponized, >=0.40 = Active, >=0.10 = ProofOfConcept, >=0.01 = Theoretical), KEV signals (KEV-listed = Weaponized with 0.95 confidence), in-the-wild signals (via IInTheWildSource). Max-level aggregation with weighted confidence averaging. Parallel signal fetching via Task.WhenAll. OpenTelemetry metrics. Deterministic with injected TimeProvider.
  • Exploit Maturity Interface: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/IExploitMaturityService.cs -- AssessMaturityAsync, GetMaturityLevelAsync, GetMaturityHistoryAsync methods.
  • Exploit Maturity Models: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Contracts/ExploitMaturityModels.cs (89 lines) -- ExploitMaturityLevel enum (Unknown, Theoretical, ProofOfConcept, Active, Weaponized), MaturityEvidenceSource enum (Epss, Kev, InTheWild, ExploitDb, ScannerTemplate, Override), MaturitySignal record, ExploitMaturityResult record, MaturityHistoryEntry record.
  • Exploit Maturity Endpoints: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs (134 lines) -- Minimal API: GET /exploit-maturity/{cveId} (full assessment), GET /exploit-maturity/{cveId}/level (just level), GET /exploit-maturity/{cveId}/history (maturity history), POST /exploit-maturity/batch (batch with deduplication).

E2E Test Plan

  • Verify no signals returns Unknown level
  • Verify EPSS-only mapping at various thresholds (Theoretical, ProofOfConcept, Active, Weaponized)
  • Verify KEV-only returns Weaponized with 0.95 confidence
  • Verify in-the-wild-only returns Active
  • Verify max-level aggregation when multiple signals present
  • Verify confidence averaging with all signals
  • Verify API endpoints (full assessment, level-only, history, batch)
  • Verify determinism: same inputs produce same outputs

Verification

  • Verified: 2026-02-10
  • Method: Tier 2a live API replay + Tier 2d test verification
  • Build: Passes (0 errors, 0 warnings for Core)
  • Tests: RiskEngine suite re-run in Release with 94/94 passing, including exploit maturity endpoint and service coverage.
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-002/tier2-api-check.json
  • Note: GetMaturityHistoryAsync returns empty (requires persistence layer). Interface and model for lifecycle tracking exist but persistence is not yet implemented. The core maturity assessment service is fully functional.

Recheck (Run-003)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay via in-process WebApplicationFactory + Tier 2d service regression replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-003/tier2-api-check.json
  • Outcome: Exploit maturity assessment, level/history, and batch endpoint contracts remain stable.

Recheck (Run-004)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-004/tier2-api-check.json
  • Outcome: Exploit maturity assessment, level/history, and batch endpoint contracts remain stable.

Recheck (Run-005)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay validated via RiskEngine integration suite.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-005/tier2-api-check.json
  • Outcome: Exploit maturity mapping behavior remains healthy.

Recheck (Run-006)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay + deterministic integration suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-006/tier2-api-check.json
  • Outcome: Checked RiskEngine behavior remains healthy in continued replay.

Recheck (Run-007)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay + deterministic integration suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-007/tier2-api-check.json
  • Outcome: Checked RiskEngine behavior remains healthy in continued replay.

Recheck (Run-008)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay + deterministic integration suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-008/tier2-api-check.json
  • Outcome: Checked RiskEngine behavior remains healthy in continued replay.

Recheck (Run-009)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay + deterministic integration suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-009/tier2-api-check.json
  • Outcome: Checked RiskEngine behavior remains healthy in continued replay.

Recheck (Run-010)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-010/tier2-integration-check.json
  • Outcome: Checked risk engine behavior remains healthy in continued replay.

Recheck (Run-011)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-011/tier2-integration-check.json
  • Outcome: Checked risk engine behavior remains healthy in continued replay.

Recheck (Run-012)

  • Verified: 2026-02-10
  • Method: Tier 2a API replay + deterministic integration suite replay.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-012/tier2-api-check.json
  • Outcome: Checked risk engine behavior remains healthy in continued replay.

Recheck (Run-013)

  • Verified: 2026-02-10
  • Method: Tier 2a live HTTPS API verification with fresh request/response capture.
  • Tests: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier2-api-check.json
  • Captured Requests: /exploit-maturity/{cveId}, /exploit-maturity/{cveId}/level, /exploit-maturity/{cveId}/history, /exploit-maturity/batch (success) and /exploit-maturity/batch with empty list (400).
  • Outcome: Exploit maturity API contracts revalidated from live API transactions.