Saptarshi Sarkar

• Fixed README, SECURITY.md and CONTRIBUTING.md docs
• Creating demo video

• Improved the codebase to fix codebase readability, cleanliness, maintainability issues
• Improved the privilege escalation loop detector code
• Included more analysis outputs in the pdf report generated

Known Issues:

• Pdf Report generator gives error although it successfully creates the PDF
• Configured hop count is not injected in the html visualisation

• Enhanced the project structure by properly modularising the code
• Improved performance by removing duplicate computation code
• Improved the UI/UX of the CLI by formatting the “All Discovered Paths” output and truncating CVE IDs list
• Also, added a CLI flag to control whether to show all paths

• Changed the automatic source and target node classification heuristics from ID, type and name based to configuration (like RBAC) based to give more confidence in finding potential nodes
• Updated the attack path finding, blast radius and the choke point identification to use the security configuration (posture) for each node processed

🔑 Core Foundation

• Maven project structure with organized packages (analysis, ingestion, model, security, export, cli, util)
• Cluster ingestion via kubectl + JSON parsing (KubectlExtractor, K8sJsonParser)
• Graph pipeline with ClusterGraphFactory, GraphNode, GraphEdge

🛡️ Attack Path Analysis

• Path discovery with traversal + shortest path (AttackPathDiscovery, Dijkstra, AllDirectedPaths)
• Structured I/O models (AnalysisInput, AnalysisResult, PathDiscoveryResult)
• Auto source/target classification via AttackSurfaceClassifier

⚔️ Choke Point Detection

• Identification logic (ChokePointIdentifier)
• Ranking by severed paths (frequency + ID tie-break)
• Default independent ranking; advanced sequential elimination planned

🌐 Blast Radius & Impact

• Blast radius analysis (BlastRadiusAnalyzer)
• Models: BlastRadiusResult, ImpactedAsset, ImpactSeverity
• Severity scoring + remediation advisor (ImpactRemediationAdvisor)

🛠️ Remediation Planning

• Choke-point remediation (ChokePointRemediationAdvisor, RemediationPlan)
• Node ID parsing → targeted command templates
• Audit-first, enforce-next strategy

🔄 Orchestration

• Refactored AnalysisOrchestrator → unified coordinator
• Runs discovery, choke points, blast radius, remediation → returns AnalysisResult

📊 Reporting & Output

• Summary printer (AnalysisSummaryPrinter)
• Export orchestration (ExportService) in progress
• Existing exporters: CytoscapeExporter (HTML), PdfReportEngine (PDF)

📣 Logging & CLI

• Reduced duplication between console + logger
• Reporting abstraction (ProgressReporter, OutputReporter)
• Refactoring ANSI color pollution in logs

⚠️ Known Gaps / Tech Debt

• Console/logging/analysis concerns still mixed
• ANSI color tokens pollute logs
• Output flow (summary vs export) not fully unified
• Duplicated helpers in Main, presenter, export logic
• Verify JDK compatibility for List#getFirst()

Devlog: Changes made

• Implemented a Matrix operations java class which utilises SIMD for optimised calculations
• Added a JUnit 6 test which checks correctness and measures performance properly.
• Added GitHub Actions test workflow summary

• Added GitHub Actions workflow for automated testing
• Added dependabot configuration for automatic dependency updates

Finally, I have implemented a single layer perceptron with:

• A learning rule for parameters (weights which includes bias) -> Perceptron Learning Algorithm
• A step function as the activation function

I have also added JUnit test for testing the Perceptron for AND, OR, XOR (where it is expected to fail) and a random linearly separable dataset. The test also checks for input and output size mismatches.

• I have created the repository structure suitable for future implementations of anything I learn in Deep Learning
• Created two classes for performing basic Vector and Matrices operations like addition, scaling up/down, dot product of vectors, multiplication of matrices and implemented methods to reduce a matrix to Echelon Form and Row-Reduced Echelon Form (RREF)
• I have also implemented McCulloch-Pitts (MP) neuron from scratch.
• Added JUnit 6 test for testing the MP neuron implementation

• Modified the project structure for better and independent coordination between dependent modules, to avoid any kind of cyclic dependencies.
• Added Regression Logic using Apache Commons-Math3 OLS Multiple Regression function to estimate betas (or weights in other words)
• Added one custom rule (like if the factor is USA, then a weight of 0.8 would be used among other factors)

1. Fetched list of all ticker symbols available in the NYSE stock exchange using web page crawling.
2. Then, using “yfinance” python module, the required data about each of the ticker symbols were fetched. There were approximately 6800 ticker symbols whose publicly available data were collected.
3. Then, using OpenRefine, the data was cleaned and a new column (named “classification_quality”) was introduced with three possible values - FULL, PARTIAL and UNKNOWN - based on the availability of column values for each row. There were also a couple of blank rows which had to be removed. Finally, there were 6435 rows covering EQUITY, ETF, and MUTUAL FUND types of assets.

These data will help OpenRisk to determine which asset the user holds. Next, I’ll be working on factors that cause significant impacts on the holder.

Fixed error for which JavaFX fails to start up. Finally, the maven build works.

Created project structure with 3 modules:

1. openrisk-core: All finance calculations go here
2. openrisk-data: SQLite and CSV import
3. openrisk-ui: JavaFX project with MVC structure

Would start with the main code and functionality next. Check the below recording for the directory structure (output of tree command 😅)

Created project banner and logo

Feedback are welcome and appreciated.

Finally fixed “IllegalAccessException” and “InaccessibleObjectException” thrown while running GUI tests via TestFx by explicitly adding “opens” argument in maven via maven-surefire-plugin configuration in pom.xml file.

Thanks to this GitHub comment: https://github.com/TestFX/TestFX/issues/751#issuecomment-1772200969

Finally fixed the issue of previous incomplete download tasks interfering with test download tasks.

Finally got the GUI testing to work in Drifty GUI. I have used TestFx with JUnit 5.
P.S.: Will fix the last error soon.