CipherShift365 -- Quality Attributes

Scenario to Mechanism to Measure

| Quality Attribute | Scenario | Architectural Mechanism | Measure |
|---|---|---|---|
| Accuracy | A 1M-LOC solution is scanned; classifications trustworthy | KB + Classification engine + reference-corpus release gate | Precision >= 0.98 / Recall >= 0.90 |
| Offline / Confidentiality | Deploy with no outbound network; nothing leaves | On-prem deployment; air-gapped variant | Network-isolated run passes |
| Modifiability (agility) | Change algorithm via config; old data still works | Crypto-agility API + provider abstraction | No-recompile swap; old artifact verifies |
| Reproducibility / Audit | Auditor re-runs scan months later | Deterministic CBOM; KB-version snapshot | Byte-identical CBOM |
| Reliability (host-safe) | Listener faults in production | Fail-safe / fail-loud + bounded auto-recovery | Host unaffected; alert raised; recovers |
| Performance | Large scan; hot-path crypto at runtime | Depth dial; incremental/parallel scan; listener sampling | Scan <= 30 min/1M LOC |
| Security / Integrity | Tampered KB or CBOM presented | Fail-closed signing/verification; signing-key custody | Tampered artifact rejected |
| Maintainability | KB needs updating without code release | Single versioned KB interface; Core split | KB version ships without module rebuild |
| Host coexistence | Listener runs beside an APM agent | Managed listener; no CLR-profiler slot | Coexistence test passes |

Tradeoff and Sensitivity Points

| ID | Type | Tension | Resolution |
|---|---|---|---|
| T1 | Tradeoff | Offline guarantee + IP protection | Offline forces KB client-side, capping moat protection. Accepted: raise extraction cost; keep durable moat off-client. |
| T2 | Sensitivity | Accuracy is the dominant point | Entire value proposition hinges on classification accuracy. Protected by reference-corpus release gate. |
| T3 | Tradeoff | Runtime coverage + host non-disruption | Deeper runtime visibility risks host conflict. v1 chose safe managed listener; coverage bounded honestly. |
| T4 | Tradeoff | Determinism + KB freshness | Reproducibility needs pinned KB; freshness wants newest KB. Resolved: record kbVersion in CBOM + stale-flag + optional hard-stop. |
| T5 | Tradeoff | Accuracy + scan performance | Deeper analysis raises accuracy but costs time. Resolved: depth dial lets user choose per scan. |
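
The sketch below is an added example, not CipherShift365 code. It shows how a deterministic CBOM, the recorded kbVersion with stale-flag and optional hard-stop (T4), and fail-closed verification can fit together. The JSON layout, every field name other than kbVersion, the HMAC stand-in for the signing scheme, and all sample values are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the product's (unspecified) signing scheme.
DEMO_KEY = b"constructed-demo-key"  # constructed value, not a real key

# Constructed sample findings; file paths and algorithms are illustrative only.
FINDINGS = [
    {"file": "src/Auth/TokenService.cs", "line": 88, "algorithm": "RSA-2048"},
    {"file": "src/Auth/Hashing.cs", "line": 12, "algorithm": "SHA-1"},
]

def canonical_cbom(findings, kb_version):
    """Serialize deterministically: sorted findings, sorted keys, no timestamps."""
    ordered = sorted(findings, key=lambda f: (f["file"], f["line"], f["algorithm"]))
    doc = {"kbVersion": kb_version, "findings": ordered}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign(cbom_bytes, key=DEMO_KEY):
    """Return a hex tag over the exact bytes that will be stored."""
    return hmac.new(key, cbom_bytes, hashlib.sha256).hexdigest()

def verify_and_load(cbom_bytes, signature, current_kb, hard_stop=False, key=DEMO_KEY):
    """Fail closed: nothing is parsed until the signature has been checked."""
    if not hmac.compare_digest(sign(cbom_bytes, key), signature):
        raise ValueError("CBOM signature mismatch: artifact rejected")
    doc = json.loads(cbom_bytes)
    stale = doc["kbVersion"] != current_kb  # stale-flag from the recorded KB version
    if stale and hard_stop:
        raise RuntimeError(
            f"CBOM built with KB {doc['kbVersion']}, current KB is {current_kb}"
        )
    return doc, stale

if __name__ == "__main__":
    cbom = canonical_cbom(FINDINGS, "kb-1.0")  # "kb-1.0" is a constructed version label
    tag = sign(cbom)
    print(verify_and_load(cbom, tag, current_kb="kb-1.1"))
```
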

Residual Risks

| ID | Residual Risk | v1 Position | Watch / Roadmap |
|---|---|---|---|
| AO-22 | Estate-scale orchestration | Services-led acceptable (consultant runs per-solution scans) | Fleet orchestration is a Concern-2 concern |
| AO-23 | Alert operability during migration | Baseline re-approval + migration window reduces noise | Make migration-window behavior explicit in design |
| AO-24 | Corpus governance | The accuracy gate is only as good as its corpus | Requires dedicated corpus governance process |