Skip to content

Add THREAT_MODEL.md + SECURITY.md and wire AGENTS.md for security-mod…#3450

Merged
Cole-Greer merged 4 commits into
3.7-devfrom
3-7/threat-model-2026-06-05
Jul 11, 2026
Merged

Add THREAT_MODEL.md + SECURITY.md and wire AGENTS.md for security-mod…#3450
Cole-Greer merged 4 commits into
3.7-devfrom
3-7/threat-model-2026-06-05

Conversation

@Cole-Greer

Copy link
Copy Markdown
Contributor

This is a twin of #3449, to fork the proposed threat model for 3.7/3.8 Websockets+bytecode, from the 4 HTTP+scripts model. This branch should receive edits targeting 3.7/3.8, while the original PR should be adjusted solely for TinkerPop 4.

Adds a draft THREAT_MODEL.md for Apache TinkerPop, a SECURITY.md pointing to it, and a ## Security section in AGENTS.md, so automated security scanners (and researchers) can mechanically discover the project's threat model via the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md chain.

The threat model is a v0 draft authored by the ASF Security team for the PMC to own and refine. It follows a standard rubric (scope, trust boundaries, adversary model, security properties provided / not provided, downstream responsibilities, known non-findings, triage dispositions). Every claim carries a provenance tag — (documented) / (inferred) / (maintainer) — and every (inferred) claim routes to a numbered question in §14 for the PMC to confirm, correct, or strike. The highest-value items to confirm: the default authentication/TLS posture, the script-execution disposition (string scripts run through the Groovy engine), and the Gryo/serialization handling.

THREAT_MODEL.md and SECURITY.md carry the ASF license header; AGENTS.md is RAT-excluded. No code or behaviour changes — documentation only.

This is a proposal for the PMC to review — please adjust, correct, or reject as needed.

potiuk and others added 4 commits June 5, 2026 09:54
…el discoverability

Adds a draft threat model (ASF Security team v0, for the PMC to own and refine),
a SECURITY.md pointing to it, and a Security section in AGENTS.md so the
AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain resolves.
Documentation only; no code or behaviour changes.

Assisted-by: Claude Code:claude-opus-4-8
Assisted-by: Claude Code:claude-fable-5
@Cole-Greer

Copy link
Copy Markdown
Contributor Author

VOTE +1

@Cole-Greer Cole-Greer merged commit 52484bf into 3.7-dev Jul 11, 2026
59 of 60 checks passed
@Cole-Greer Cole-Greer deleted the 3-7/threat-model-2026-06-05 branch July 11, 2026 01:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants