SAF-T1005: cite uncited claims, fix CVE attribution, tidy references#217
Open
fkautz wants to merge 1 commit into
Open
SAF-T1005: cite uncited claims, fix CVE attribution, tidy references#217fkautz wants to merge 1 commit into
fkautz wants to merge 1 commit into
Conversation
Address the SAF-T1005 review (scored 91, merge-with-minor-revisions): - Accuracy 2.1: cited the previously uncited quantitative claims and incidents. The 5,000+ SQLite-server forks now cite Trend Micro; the vague "13,000+ new servers" claim is reframed to the documented ~10,000-20,000 end-of-2025 range (Astrix); the Asana and Smithery incidents now cite The Register and GitGuardian / SC Media respectively. Asana wording aligned strictly to what the cited source supports (dropped an unsourced customer count). - Accuracy 2.4: the CVE-2025-6515 reference now points at JFrog's primary advisory (JFrog did discover it) instead of a secondary Register article, so the discoverer matches the link. - Accuracy 2.5: moved the four orphaned references (eSentire, Strobes, Embrace The Red, Adversa AI) into a Further Reading list. - Approachability 4.1: removed hype words ("sophisticated", "simply"). - Correctness 1.5: annotated the T1046 mapping as the Discovery/enumeration phase rather than the Initial-Access entry. - Fixed the non-resolving detection-rule references URL (saf-mcp -> secure-agentic-framework) in the shipped file and inline copies, and updated the test that asserted the old URL. Detection rule logic unchanged (still 26/26). All new citations verified for reachability and content. The preventive-control SAF-M TODO is left as the tracked follow-up the review flagged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses the SAF-T1005 (Exposed Endpoint Exploit) review (scored 91, merge-as-is with minor Accuracy fixes). Detection rule logic unchanged (still 26/26).
referencesURL (saf-mcp->secure-agentic-framework) in the shipped file and inline copies, and updated the test that asserted the old URL. The preventive-control SAF-M TODO is left as the tracked follow-up the review flagged.Test
🤖 Generated with Claude Code