| title | Security Documentation | |||
|---|---|---|---|---|
| description | Index of security documentation including security model and assurance case for HVE Core | |||
| sidebar_position | 1 | |||
| author | Microsoft | |||
| ms.date | 2026-03-16 | |||
| ms.topic | overview | |||
| keywords |
|
|||
| estimated_reading_time | 2 |
This directory contains security documentation for HVE Core, demonstrating defense-in-depth security practices.
| Document | Description |
|---|---|
| Security Model | Comprehensive security model and security assurance case |
| Dependency Pinning | Pinning strategies and CI enforcement for all dependency types |
| SBOM Verification | SBOM attestation verification and consumption guide |
| Fuzzing | OSSF Scorecard fuzz harness convention and compliance |
| SECURITY.md | Vulnerability disclosure and reporting process |
HVE Core is an enterprise prompt engineering framework that:
- Contains no runtime services or user data storage
- Operates as development-time tooling consumed by GitHub Copilot
- Relies on defense-in-depth with 20+ automated security controls
The security model documents:
- 36 threats across STRIDE, AI-specific, and Responsible AI categories
- Security controls mapped to each threat
- MCP server trust analysis
- Quantitative security metrics
- GSN-style assurance argument
- Branch Protection: Repository protection configuration
- MCP Configuration: MCP server setup and trust guidance
- GOVERNANCE.md: Project governance and maintainer roles
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.