
Threat Modeling for notation

Open priteshbandi opened this issue 2 years ago • 2 comments

Threat modeling involves identifying ways that an adversary might try to attack notation and then designing mitigations to prevent, detect or reduce the impact of those attacks.

Aspects: Dir + Config+Registry Interaction TS+TP+Envelope

priteshbandi Oct 12 '22 23:10

Discussed on the community call today. Would be good to have some brief things written out for the process of trying to find vulnerabilities and then, if issue(s) are found, file issue(s) to help mitigate. The idea would be for the work to be shared amongst dev area ownership for those who are most familiar with the codebase. Needs estimate.

dtzar Oct 13 '22 16:10

Putting this for RC-1, but this would be the last thing which could potentially be cut and pushed to RC-2. IMO - I believe it would be good right after RC-1, and if we find things, OK to release shortly after fix/patches from RC-1.

dtzar Oct 13 '22 16:10

Confirmed to move this issue out of rc-1 scope. Now moved to "Discuss". We will review all the issues later for rc-2 release scope.

yizha1 Nov 09 '22 06:11

Closed as completed; see https://github.com/notaryproject/specifications/blob/main/threatmodels/notation-threatmodel.md

yizha1 Aug 04 '23 06:08