We need something like a fire diamond for software and data:
some tuple like ((fails to) conform to spec / testing (and production) only (i.e. contains PII or is garbage data) / (permissive, restrictive, free) license / (un)safe library calls or language) or so.
Some stuff is pretty subjective, but so are the fire diamond numbers sometimes; plus we can pick objective boundaries (calls to gets cannot be safe, for example). I think it could probably work.
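As an added illustration (not code from the post), here is a toy version of that tuple for C source, with the "unsafe library calls" slot filled by an objective check; the field names, the `Diamond` type and the additional unsafe functions beyond gets are assumptions for the example.

```python
"""Toy 'software fire diamond': a label tuple for a piece of C source."""
import re
from dataclasses import dataclass

# Calls treated as objectively unsafe. gets is the one named in the post;
# strcpy and sprintf are assumed additions for the example.
UNSAFE_CALLS = {"gets", "strcpy", "sprintf"}

_CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")       # identifier followed by "("
_COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)  # // and /* */ comments
_STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')          # string literals


@dataclass(frozen=True)
class Diamond:
    conforms_to_spec: bool
    data_class: str        # "production" or "testing-only" (PII / garbage data)
    license: str           # "permissive", "restrictive" or "free"
    unsafe_calls: tuple    # sorted names of unsafe library calls found

    def is_safe(self) -> bool:
        # Objective boundary from the post: any call to gets (or another
        # listed function) makes the code unsafe, no judgement involved.
        return not self.unsafe_calls

    def as_tuple(self) -> tuple:
        return (self.conforms_to_spec, self.data_class, self.license, self.unsafe_calls)


def find_unsafe_calls(c_source: str) -> tuple:
    """Return unsafe calls in C source, ignoring comments and string literals.
    Approximation: a bare "name(" counts as a call, so prototypes also match."""
    stripped = _STRING_RE.sub('""', _COMMENT_RE.sub("", c_source))
    found = {m.group(1) for m in _CALL_RE.finditer(stripped)}
    return tuple(sorted(found & UNSAFE_CALLS))


def label(c_source: str, conforms_to_spec: bool, data_class: str, license: str) -> Diamond:
    return Diamond(conforms_to_spec, data_class, license, find_unsafe_calls(c_source))


# Constructed samples: the first only mentions gets in a comment and a string
# and uses fgets; the second really calls gets.
SAFE_SAMPLE = '''#include <stdio.h>
/* legacy version used gets(buf) here */
int main(void) { char buf[64]; fgets(buf, sizeof buf, stdin); puts("gets(buf)"); return 0; }
'''
UNSAFE_SAMPLE = 'int main(void) { char line[64]; gets(line); return 0; }'

if __name__ == "__main__":
    print(label(SAFE_SAMPLE, True, "production", "permissive").as_tuple())
    print(label(UNSAFE_SAMPLE, True, "testing-only", "free").as_tuple())
```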