stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c70e83719e6cca4d1d3392f275aecc90cfebdf3b
git.stella-ops.org/etc/weights/v2026-01-22.weights.json
master c70e83719e finish off sprint advisories and sprints
2026-01-24 00:12:43 +02:00

102 lines
2.3 KiB
JSON
Raw Blame History

{
"$schema": "https://stella-ops.org/schemas/weight-manifest/v1.0.0",
"schemaVersion": "1.0.0",
"version": "v2026-01-22",
"effectiveFrom": "2026-01-22T00:00:00Z",
"profile": "production",
"description": "EWS default weights - extracted from EvidenceWeights.Default",
"contentHash": "sha256:auto",
"weights": {
"legacy": {
"rch": 0.30,
"rts": 0.25,
"bkp": 0.15,
"xpl": 0.15,
"src": 0.10,
"mit": 0.10
},
"advisory": {
"cvss": 0.25,
"epss": 0.30,
"reachability": 0.20,
"exploitMaturity": 0.10,
"patchProof": 0.15
}
},
"dimensionNames": {
"rch": "Reachability",
"rts": "Runtime Signal",
"bkp": "Backport Evidence",
"xpl": "Exploit Likelihood",
"src": "Source Trust",
"mit": "Mitigation Effectiveness",
"cvss": "CVSS Base Score",
"epss": "EPSS Probability",
"reachability": "Reachability Analysis",
"exploitMaturity": "Exploit Maturity",
"patchProof": "Patch Proof Confidence"
},
"subtractiveDimensions": ["mit", "patchProof"],
"guardrails": {
"notAffectedCap": {
"enabled": true,
"maxScore": 15,
"requiresBkpMin": 1.0,
"requiresRtsMax": 0.6
},
"runtimeFloor": {
"enabled": true,
"minScore": 60,
"requiresRtsMin": 0.8
},
"speculativeCap": {
"enabled": true,
"maxScore": 45,
"requiresRchMax": 0.0,
"requiresRtsMax": 0.0
}
},
"buckets": {
"actNowMin": 90,
"scheduleNextMin": 70,
"investigateMin": 40
},
"determinizationThresholds": {
"manualReviewEntropy": 0.60,
"refreshEntropy": 0.40
},
"signalWeightsForEntropy": {
"vex": 0.25,
"reachability": 0.25,
"epss": 0.15,
"runtime": 0.15,
"backport": 0.10,
"sbomLineage": 0.10
},
"metadata": {
"createdBy": "Sprint 037 TSF-001",
"createdAt": "2026-01-22T00:00:00Z",
"changelog": [
{
"version": "v2026-01-22",
"date": "2026-01-22",
"changes": ["Initial extraction from EvidenceWeights.Default"]
}
],
"notes": [
"RCH and RTS carry highest weights as they provide strongest risk signal",
"MIT and patchProof are subtractive dimensions (reduce risk)",
"Guardrails are applied after weighted sum calculation",
"Entropy thresholds align with Determinization config"
]
}
}
Reference in New Issue View Git Blame Copy Permalink