Jarek Potiuk created RANGER-5652:
------------------------------------
Summary: Add THREAT_MODEL.md + SECURITY.md/AGENTS.md security-model discoverability
Key: RANGER-5652
URL: https://issues.apache.org/jira/browse/RANGER-5652
Project: Ranger
Issue Type: Task
Components: documentation
Reporter: Jarek Potiuk

Apache Ranger had no in-repo security-model document or the conventional
AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain that lets
automated security scanners (and human reviewers) mechanically locate the
project's threat model.

PR apache/ranger#994 (merged) adds:
- THREAT_MODEL.md — a threat model for Ranger's high-value boundaries (policy
  decision/distribution path, admin REST API, per-service plugin trust, KMS),
  reviewed and answered by the Ranger PMC.
- SECURITY.md — ASF security-process pointer.
- AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability wiring.

This issue is filed retroactively to track that change in JIRA per project
convention, at the PMC's request. The work was drafted by the ASF Security
team and reviewed/owned by the Ranger PMC.

PR: https://github.com/apache/ranger/pull/994