topos.evaluation.policies.secure
Φ_SECURE: Policy translator for the SECURE generator.
Maps CPG-based security observations into a
ScoredDecision.
achieved requires zero dangerous calls and zero taint flows;
score is min(per-metric qualities) for reporting only.
- Quality functions:
danger_quality = exp(-dangerous_calls / danger_scale)
taint_quality = exp(-taint_flows / taint_scale)
The SECURE badge is achieved if and only if there are zero dangerous calls
and zero taint flows (strict security). Thresholds live in
topos.evaluation.policies.calibration.
- topos.evaluation.policies.secure.score_secure(dangerous_calls=None, taint_flows=None, priority=Priority.SECURE, threshold=None)
Φ_SECURE — score the SECURE generator from CPG observations.
- Parameters:
dangerous_calls – Count of reachable dangerous-API call sites.
taint_flows – Count of source→sink data-flow paths.
priority – Retained for API compatibility; not read by this Φᵢ.
threshold – Retained for API compatibility; not read by this Φᵢ.
- Returns:
A ScoredDecision;
achieved is the truth value of the SECURE generator for this program.
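
An added sketch, not the project's code, that re-derives the documented rule to show why a build gate should read achieved rather than apply a cutoff to score. The scale values, SketchDecision, and both gate helpers are assumptions for illustration; the real thresholds live in topos.evaluation.policies.calibration.

```python
import math
from dataclasses import dataclass

# Assumed scales for illustration only; the real values live in
# topos.evaluation.policies.calibration and are not shown on this page.
DANGER_SCALE = 5.0
TAINT_SCALE = 3.0


@dataclass(frozen=True)
class SketchDecision:
    """Hypothetical stand-in for ScoredDecision (field names assumed)."""
    achieved: bool
    score: float


def sketch_score_secure(dangerous_calls: int, taint_flows: int) -> SketchDecision:
    """Re-derive the documented rule: strict gate, min-of-qualities score."""
    for name, n in (("dangerous_calls", dangerous_calls), ("taint_flows", taint_flows)):
        if not isinstance(n, int) or isinstance(n, bool) or n < 0:
            raise ValueError(f"{name} must be a non-negative integer count, got {n!r}")
    danger_quality = math.exp(-dangerous_calls / DANGER_SCALE)
    taint_quality = math.exp(-taint_flows / TAINT_SCALE)
    # The badge is a strict predicate on the raw counts, not on the score.
    achieved = dangerous_calls == 0 and taint_flows == 0
    return SketchDecision(achieved, min(danger_quality, taint_quality))


def naive_gate(decision: SketchDecision, cutoff: float = 0.8) -> bool:
    """Anti-pattern: passing a build because the reporting score looks high."""
    return decision.score >= cutoff


def strict_gate(decision: SketchDecision) -> bool:
    """Gate on the boolean the policy defines as the SECURE verdict."""
    return decision.achieved


if __name__ == "__main__":
    # Constructed observations: (dangerous_calls, taint_flows)
    for counts in [(0, 0), (1, 0), (0, 1), (4, 2)]:
        d = sketch_score_secure(*counts)
        print(counts, f"score={d.score:.3f}", "naive:", naive_gate(d), "strict:", strict_gate(d))
```

With these assumed scales, one reachable dangerous call still scores about 0.82, so a score cutoff of 0.8 would pass a program that the policy itself marks as not SECURE.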