stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b444284be530f1bc9c91321cbf230684fe338e57
git.stella-ops.org/docs2/security/risk-model.md
master b444284be5 docs: Archive Sprint 3500 (PoE), Sprint 7100 (Proof Moats), and additional sprints 
Archive completed sprint documentation and deliverables:

## SPRINT_3500 - Proof of Exposure (PoE) Implementation (COMPLETE )
- Windows filesystem hash sanitization (colon → underscore)
- Namespace conflict resolution (Subgraph → PoESubgraph)
- Mock test improvements with It.IsAny<>()
- Direct orchestrator unit tests
- 8/8 PoE tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-3500-poe/

## SPRINT_7100.0001 - Proof-Driven Moats Core (COMPLETE )
- Four-tier backport detection system
- 9 production modules (4,044 LOC)
- Binary fingerprinting (TLSH + instruction hashing)
- VEX integration with proof-carrying verdicts
- 42+ unit tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_7100.0002 - Proof Moats Storage Layer (COMPLETE )
- PostgreSQL repository implementations
- Database migrations (4 evidence tables + audit)
- Test data seed scripts (12 evidence records, 3 CVEs)
- Integration tests with Testcontainers
- <100ms proof generation performance
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_3000_0200 - Authority Admin & Branding (COMPLETE )
- Console admin RBAC UI components
- Branding editor with tenant isolation
- Authority backend endpoints
- Archived to: docs/implplan/archived/

## Additional Documentation
- CLI command reference and compliance guides
- Module architecture docs (26 modules documented)
- Data schemas and contracts
- Operations runbooks
- Security risk models
- Product roadmap

All archived sprints achieved 100% completion of planned deliverables.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-23 15:02:38 +02:00

1.1 KiB
Raw Blame History

Risk model and scoring

Risk scoring turns evidence into a normalized score and severity band. The model is deterministic and explainable.

Core concepts

  • Signals become evidence after validation.
  • Evidence is normalized into factors.
  • Profiles define weights, thresholds, and overrides.
  • Formulas aggregate factors into scores and severity.

Lifecycle

  1. Job submit with tenant, profile, and findings.
  2. Evidence ingestion from scanners, reachability, and VEX.
  3. Normalization and dedupe by provenance hash.
  4. Profile evaluation with gates and overrides.
  5. Severity assignment and explainability output.
  6. Export to Findings Ledger and Export Center.

Artifacts

  • Profile schema: signals, weights, overrides, provenance.
  • Job and result schema: score, severity, contributions.
  • Explainability payloads for UI and CLI.

Determinism rules

  • Stable ordering for factors and signals.
  • Fixed precision math and UTC timestamps.
  • Hashes and provenance recorded for every input.

Related references

  • docs/risk/overview.md
  • docs/risk/factors.md
  • docs/risk/formulas.md
  • docs/risk/profiles.md
  • docs/risk/api.md