Description
Design and implement a scoring engine that quantifies an organization's quantum readiness on a 0-100 scale. The engine evaluates cryptographic findings across repositories, endpoints, and certificates, weighting them by risk factors aligned with NIST CNSA 2.0 timelines.
Tasks
- Define scoring algorithm with configurable weights
- Score individual findings based on:
  - Algorithm type (RSA, ECC, AES, SHA — quantum vulnerability level)
  - Key size relative to quantum threat
  - Data sensitivity classification
  - Exposure level (internet-facing vs. internal)
- Calculate per-repository readiness score (aggregate of file findings)
- Calculate per-endpoint readiness score (TLS + certificate findings)
- Calculate organization-wide readiness score (weighted aggregate)
- Implement risk categories:
  - Critical: RSA/ECC in production internet-facing services
  - High: RSA/ECC in internal services with sensitive data
  - Medium: legacy algorithms in non-critical systems
  - Low: already migrated or quantum-safe algorithms
- Weight scores against NIST CNSA 2.0 timeline (2030 deprecation, 2035 disallowance)
- Support score recalculation on new scan results
- Cache computed scores for dashboard performance
- Write comprehensive unit tests for scoring edge cases
- Document scoring methodology for transparency
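
An added sketch of the scoring described in the tasks above, not the project's own code. The factors, the four risk categories and the 2030/2035 years come from the issue; the penalty values, symmetric/hash cut-offs, urgency ramp, `Finding` fields and function names are assumptions.

```python
from dataclasses import dataclass

# Assumed values: the issue asks for configurable weights but specifies none.
PENALTY = {"critical": 1.0, "high": 0.7, "medium": 0.4, "low": 0.0}
SHOR_BROKEN = {"RSA", "ECC"}           # public-key algorithms named in the issue
# Assumed minimum strengths; 0 marks post-quantum algorithms as already migrated.
MIN_BITS = {"AES": 256, "SHA": 384, "ML-KEM": 0, "ML-DSA": 0}
DEPRECATE, DISALLOW = 2030, 2035       # timeline years quoted in the issue

@dataclass(frozen=True)
class Finding:                          # hypothetical record shape
    algorithm: str
    key_bits: int
    sensitive: bool
    internet_facing: bool
    production: bool

def categorize(f: Finding) -> str:
    """Map one finding onto the issue's four risk categories."""
    if f.algorithm in SHOR_BROKEN:      # no practical key size rescues RSA/ECC
        if f.production and f.internet_facing:
            return "critical"
        return "high" if f.sensitive else "medium"   # non-sensitive case: assumption
    floor = MIN_BITS.get(f.algorithm)
    if floor is None or f.key_bits < floor:
        return "medium"                 # unknown algorithm or legacy strength: fail closed
    return "low"                        # quantum-safe or already migrated

def urgency(year: int) -> float:
    """Assumed ramp: 0.5 until deprecation, linear to 1.0 at disallowance."""
    frac = (year - DEPRECATE) / (DISALLOW - DEPRECATE)
    return 0.5 + 0.5 * min(1.0, max(0.0, frac))

def readiness(findings, year):
    """0-100 score for one repository or endpoint; None if nothing was scanned."""
    if not findings:
        return None                     # an unscanned asset must not read as ready
    risk = sum(PENALTY[categorize(f)] for f in findings) / len(findings)
    return round(100 * (1 - risk * urgency(year)), 1)

def org_readiness(scored):
    """Weighted aggregate over (score, weight) pairs, skipping unscored assets."""
    known = [(s, w) for s, w in scored if s is not None and w > 0]
    if not known:
        return None
    return round(sum(s * w for s, w in known) / sum(w for _, w in known), 1)

# Constructed sample findings, one per risk category.
REPO = [Finding("RSA", 2048, True, True, True), Finding("ECC", 256, True, False, True),
        Finding("AES", 128, False, False, False), Finding("AES", 256, False, False, True)]
```

Returning `None` for an asset with no findings keeps "never scanned" distinct from "fully migrated", which is one of the edge cases the unit tests should pin down.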