Add THREAT_MODEL.md + SECURITY.md and wire AGENTS.md for security-mod…#3450
Open
Cole-Greer wants to merge 1 commit into
Open
Add THREAT_MODEL.md + SECURITY.md and wire AGENTS.md for security-mod…#3450Cole-Greer wants to merge 1 commit into
Cole-Greer wants to merge 1 commit into
Conversation
…el discoverability Adds a draft threat model (ASF Security team v0, for the PMC to own and refine), a SECURITY.md pointing to it, and a Security section in AGENTS.md so the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain resolves. Documentation only; no code or behaviour changes. Assisted-by: Claude Code:claude-opus-4-8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a twin of #3449, to fork the proposed threat model for 3.7/3.8 Websockets+bytecode, from the 4 HTTP+scripts model. This branch should receive edits targeting 3.7/3.8, while the original PR should be adjusted solely for TinkerPop 4.
Adds a draft THREAT_MODEL.md for Apache TinkerPop, a SECURITY.md pointing to it, and a ## Security section in AGENTS.md, so automated security scanners (and researchers) can mechanically discover the project's threat model via the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md chain.
The threat model is a v0 draft authored by the ASF Security team for the PMC to own and refine. It follows a standard rubric (scope, trust boundaries, adversary model, security properties provided / not provided, downstream responsibilities, known non-findings, triage dispositions). Every claim carries a provenance tag — (documented) / (inferred) / (maintainer) — and every (inferred) claim routes to a numbered question in §14 for the PMC to confirm, correct, or strike. The highest-value items to confirm: the default authentication/TLS posture, the script-execution disposition (string scripts run through the Groovy engine), and the Gryo/serialization handling.
THREAT_MODEL.md and SECURITY.md carry the ASF license header; AGENTS.md is RAT-excluded. No code or behaviour changes — documentation only.
This is a proposal for the PMC to review — please adjust, correct, or reject as needed.