| name | securability-engineering |
| description | Generate or refactor code using FIASSE/SSEM constraints. Use when implementing security-sensitive code, APIs, trust boundary handlers, auth, or data access. |
| license | CC-BY-4.0 |
Securability Engineering
This skill wraps implementation work with SSEM and FIASSE controls so code is securable by default.
Workflow
- Identify trust boundaries and sensitive data paths.
- Map feature intent to applicable ASVS chapters in ../data/asvs.
- Apply SSEM constraints:
- Maintainability: analyzability, modifiability, testability.
- Trustworthiness: confidentiality, accountability, authenticity.
- Reliability: availability, integrity, resilience.
- Enforce canonical input handling at boundaries:
- canonicalize -> sanitize -> validate
- Enforce derived integrity and request surface minimization.
- Add structured security-relevant logging and audit events without sensitive leakage.
- Validate code shape:
- small functions
- injectable dependencies
- no static mutable state
- explicit timeouts and resource limits for external calls
Output Requirements
- Code with clear trust-boundary controls.
- Brief "Securability Notes" summarizing applied SSEM attributes and ASVS mapping.
- Explicit trade-off callouts for any unmapped requirement.
References
- ../data/fiasse/
- ../data/asvs/