
NIST SSDF: PW — Threat Modeled

error

ssdf_pw_threat_modeled

secure-development security pure_temporal secure-development nist ssdf supply-chain pw rag-red

The design is reviewed against security requirements and threats (threat modeling) (PW.1/PW.2).

Formula

G(GitCommit → P(threat_modeled))

Why it matters

SSDF PW.1/PW.2: design software to meet security requirements and mitigate risks, and review the design (e.g. threat modeling).

Examples

passes: the practice's evidence is present

fails: the required secure-development step is absent
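The pass and fail cases above, worked through on constructed traces. This is an added illustration, not ponens code or its trace format: it assumes G means "at every point in the trace" and P means "at some point so far", and that a trace is an ordered list of event names, one per step. Only GitCommit and threat_modeled come from the formula; design_review is a made-up filler event.

```python
from typing import List, Sequence

# Constructed sample traces (assumed shape: ordered event names, oldest first).
PASSING = ["design_review", "threat_modeled", "GitCommit", "GitCommit"]
LATE_MODEL = ["design_review", "GitCommit", "GitCommit", "threat_modeled"]
PARTIAL = ["GitCommit", "threat_modeled", "GitCommit"]


def violating_commits(trace: Sequence[str]) -> List[int]:
    """Indices of GitCommit events that have no threat_modeled event before them.

    Evaluates G(GitCommit -> P(threat_modeled)) in one forward pass: P(x) only
    needs a flag recording whether x has occurred so far.
    """
    threat_modeled_seen = False
    violations = []
    for index, event in enumerate(trace):
        if event == "threat_modeled":
            threat_modeled_seen = True
        elif event == "GitCommit" and not threat_modeled_seen:
            # The implication fails at this step: a commit with no prior evidence.
            violations.append(index)
    return violations


def policy_holds(trace: Sequence[str]) -> bool:
    """True when every commit in the trace is preceded by threat-model evidence."""
    return not violating_commits(trace)


if __name__ == "__main__":
    for name, trace in [("PASSING", PASSING), ("LATE_MODEL", LATE_MODEL),
                        ("PARTIAL", PARTIAL), ("EMPTY", [])]:
        bad = violating_commits(trace)
        print(f"{name}: {'passes' if not bad else 'fails at steps ' + str(bad)}")
```

A threat model recorded after the commits does not repair them: the formula looks backwards from each commit, so the evidence has to exist in the trace before the first commit it is meant to cover. A trace with no commits passes vacuously.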

Use it

ponens policies add ssdf_pw_threat_modeled --into ./trace.json
ponens trace check ./trace.json