CFSE Consequence Paths v1.0-candidate

Review Process

Entries are published as structured second opinions unless marked confirmed. A useful review should challenge the evidence, the path decomposition, and the candidate vector values separately.

Review target. The highest-value feedback is specific: entry ID, source fact, disputed path, disputed vector field, proposed replacement value, and the evidence that supports the change.

Review Checklist

  1. Source coverage. Does every material factual claim trace to a public advisory, paper, vendor note, PoC, dataset, or other citable public source?
  2. Published baseline. Are all published scores current, correctly attributed, and recorded using the stated headline rule?
  3. Path existence. Does each path describe a consequence actually reachable from the vulnerability, not a merely possible downstream story?
  4. Terminal type. Is the path classified as the right terminal consequence: authority, perception, safety, availability, or observability?
  5. Evidence level. Is `EV` consistent with the record: inferred, report-backed, reproduced, or field-confirmed?
  6. Scale and recovery. Are `SR`, `SX`, and `OR` supported by the deployment facts rather than assumed from product category?
  7. Tone and attribution. Are vendor, CNA, CISA, NVD, and researcher claims represented without implying more certainty than the sources support?

Human Review Outcomes

A human review can confirm a path, lower its evidence level, remove a path, add a missing path, change one or more vector fields, or mark the entry as unsuitable for the public registry until sources are stronger.

What To Include

Send the entry ID, the exact paragraph or vector field, the source URL or citation, and the proposed correction. If the issue is about method rather than a single entry, include the rule or field being challenged and one or two concrete entries that show the problem.
