
CERT: Risk Assessed

error

cert_risk_assessed

coding-standards security pure_temporal secure-coding cert sei risk-based risk-assessment rag-red

Every finding is risk-assessed on the three CERT factors: severity, likelihood, and remediation cost.

Formula

G(Finding → severity_assessed ∧ likelihood_assessed ∧ remediation_assessed)

Why it matters

SEI CERT risk assessment: each guideline/finding is scored on Severity (low/medium/high), Likelihood (unlikely/probable/likely), and Remediation Cost (high/medium/low).

Examples

passes: the risk/remediation step is evidenced

fails: the required assessment/remediation is absent
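
A finite-trace reading of the formula above, as an added example that is not ponens code: it reports each finding step that breaks the invariant and which factor is missing. The event layout (`type`, `id`, factor keys) is an assumption and not the ponens trace.json schema, and treating an off-scale value as "not assessed" is a choice made for this sketch.

```python
# Added example: finite-trace check of
#   G(Finding -> severity_assessed AND likelihood_assessed AND remediation_assessed)
# The event layout is assumed for illustration; it is not the ponens trace schema.

# Scales as listed in the "Why it matters" text.
SCALES = {
    "severity": {"low", "medium", "high"},
    "likelihood": {"unlikely", "probable", "likely"},
    "remediation_cost": {"high", "medium", "low"},
}


def assessed(event, factor):
    """Assumption: a factor counts as assessed only if present and on its scale."""
    value = event.get(factor)
    return isinstance(value, str) and value.lower() in SCALES[factor]


def check_trace(trace):
    """Return [(step, finding_id, [missing factors])] for each violating step.

    G(p -> q) holds on a finite trace iff every step where p is true also
    satisfies q, so an empty result means the policy passes.
    """
    violations = []
    for step, event in enumerate(trace):
        if event.get("type") != "finding":  # antecedent false: step is satisfied
            continue
        missing = [f for f in SCALES if not assessed(event, f)]
        if missing:
            violations.append((step, event.get("id"), missing))
    return violations


# Constructed sample trace; the finding ids are placeholders.
SAMPLE_TRACE = [
    {"type": "scan_started"},
    {"type": "finding", "id": "F-1", "severity": "high",
     "likelihood": "likely", "remediation_cost": "medium"},
    {"type": "finding", "id": "F-2", "severity": "medium",
     "likelihood": "probable"},                      # remediation cost absent
    {"type": "finding", "id": "F-3", "severity": "critical",
     "likelihood": "unlikely", "remediation_cost": "low"},  # off-scale severity
]

if __name__ == "__main__":
    for step, fid, missing in check_trace(SAMPLE_TRACE):
        print(f"step {step}: finding {fid} not assessed on: {', '.join(missing)}")
```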

Use it

ponens policies add cert_risk_assessed --into ./trace.json
ponens trace check ./trace.json