Cole-Greer opened a new pull request, #3450:
URL: https://github.com/apache/tinkerpop/pull/3450

   This is a twin of #3449, to fork the proposed threat model for 3.7/3.8 
Websockets+bytecode, from the 4 HTTP+scripts model. This branch should receive 
edits targeting 3.7/3.8, while the original PR should be adjusted solely for 
TinkerPop 4.
   
   Adds a draft THREAT_MODEL.md for Apache TinkerPop, a SECURITY.md pointing to 
it, and a ## Security section in AGENTS.md, so automated security scanners (and 
researchers) can mechanically discover the project's threat model via the 
AGENTS.md -> SECURITY.md -> THREAT_MODEL.md chain.
   
   The threat model is a v0 draft authored by the ASF Security team for the PMC 
to own and refine. It follows a standard rubric (scope, trust boundaries, 
adversary model, security properties provided / not provided, downstream 
responsibilities, known non-findings, triage dispositions). Every claim carries 
a provenance tag — *(documented)* / *(inferred)* / *(maintainer)* — and every 
*(inferred)* claim routes to a numbered question in §14 for the PMC to confirm, 
correct, or strike. The highest-value items to confirm: the default 
authentication/TLS posture, the script-execution disposition (string scripts 
run through the Groovy engine), and the Gryo/serialization handling.
   
   THREAT_MODEL.md and SECURITY.md carry the ASF license header; AGENTS.md is 
RAT-excluded. No code or behaviour changes — documentation only.
   
   This is a proposal for the PMC to review — please adjust, correct, or reject 
as needed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to