Risk Register

:::info Source
Sourced from `services/search-service/SERVICE_RISK_REGISTER.md` in the documentation repo.
:::

| ID | Risk | Sev | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-SR-01 | Cross-tenant search leak | S1 | Data leak | Tenant filter on every query; alias-per-tenant for large; iso tests | Search + Security |
| R-SR-02 | Embeddings cross-tenant | S1 | Semantic leak | Partitioned vector index per tenant; deletion on tenant close | Search + AI |
| R-SR-03 | Index drift from source | S2 | Stale results | Event-driven reindex; nightly consistency job | Search |
| R-SR-04 | Query injection via filter DSL | S2 | DB exposure | Typed parser; no string queries | Search + Security |
| R-SR-05 | Full reindex downtime | S3 | Temporary degraded results | Zero-downtime via alias swap | Search + SRE |
| R-SR-06 | AI reranking bias | S3 | Unfair exposure | Quarterly bias eval; diversity checks | Search + AI + Compliance |
| R-SR-07 | GDPR erasure — embeddings retained | S1 | Regulator | Delete embeddings + documents on erasure; replay test | Search + Compliance |
| R-SR-08 | High-cardinality facets slow | S3 | UX | Facet limits; approximate counts | Search |
| R-SR-09 | Rate-limit bypass via scripting | S3 | DoS | Per-token + per-IP rate limit | Search + Security |
| R-SR-10 | Stemming/locale errors | S3 | Poor multilingual results | Per-locale analyzers; test corpus | Search |