NIST SSDF: RV — Root-Cause Analysis

warning

ssdf_rv_root_cause_analysis

secure-development auditability pure_temporal secure-development nist ssdf supply-chain rv rag-amber

Root-cause analysis is performed to reduce the frequency of future vulnerabilities (RV.3).

Formula

G(Finding → F(root_cause_recorded))

Why it matters

SSDF RV.3: analyze vulnerabilities to identify root causes, and use that to improve the development process.

Examples

passes: the practice's evidence is present

fails: the required secure-development step is absent
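
The formula read over a finite event trace, as an added example (not ponens code and not its trace format). It assumes standard finite-trace LTL semantics; the event fields "kind" and "id" and the sample traces are constructed. It also goes one step beyond the formula with a stricter per-finding variant, because the propositional form is satisfied by any single later root-cause record.

```python
# Added illustration: finite-trace reading of G(Finding -> F(root_cause_recorded)).
# Event shape ("kind", "id") is constructed for this example; it is an assumption,
# not the ponens trace.json schema.

def unresolved_positions(trace):
    """Indices i where Finding holds but root_cause_recorded holds at no j >= i."""
    pending = []
    for i, ev in enumerate(trace):
        if ev["kind"] == "Finding":
            pending.append(i)
        elif ev["kind"] == "root_cause_recorded":
            # Propositional F: one record discharges every earlier finding.
            pending.clear()
    return pending


def holds(trace):
    """True when G(Finding -> F(root_cause_recorded)) holds on the whole trace."""
    return not unresolved_positions(trace)


def unresolved_ids(trace):
    """Stricter variant: each finding id needs its own later root-cause record."""
    open_ids = {}
    for i, ev in enumerate(trace):
        if ev["kind"] == "Finding":
            open_ids.setdefault(ev["id"], i)   # a reopened finding is tracked again
        elif ev["kind"] == "root_cause_recorded":
            open_ids.pop(ev["id"], None)
    return sorted(open_ids)


def ev(kind, fid):
    return {"kind": kind, "id": fid}

# Constructed sample traces.
PASSING = [ev("Finding", "V-1"), ev("Finding", "V-2"),
           ev("root_cause_recorded", "V-1"), ev("root_cause_recorded", "V-2")]
FAILING = [ev("Finding", "V-1"), ev("root_cause_recorded", "V-1"),
           ev("Finding", "V-2")]
# Passes the propositional formula although V-2 never gets its own analysis.
MASKED = [ev("Finding", "V-1"), ev("Finding", "V-2"),
          ev("root_cause_recorded", "V-1")]

if __name__ == "__main__":
    for name, t in (("PASSING", PASSING), ("FAILING", FAILING), ("MASKED", MASKED)):
        print(name, holds(t), unresolved_positions(t), unresolved_ids(t))
```

The MASKED trace is the case to watch when auditing: the policy as written reports a pass, while the per-finding check still lists V-2 as lacking a recorded root cause.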

Use it

ponens policies add ssdf_rv_root_cause_analysis --into ./trace.json
ponens trace check ./trace.json