potiuk opened a new pull request, #3734:
URL: https://github.com/apache/fory/pull/3734

   ## What this is
   
   A **draft threat model** for Apache Fory, proposed by the ASF Security team 
for the Fory PMC to review, correct, or reject. It is a starting point for 
discussion, not a finished document.
   
   This PR:
   - adds `THREAT_MODEL.md` — the draft model, following the [ASF Security 
threat-model 
rubric](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573);
   - adds `SECURITY.md` — a short security policy that links the threat model;
   - appends a `## Security` section to `AGENTS.md`, so the chain `AGENTS.md → 
SECURITY.md → THREAT_MODEL.md` is mechanically discoverable by automated 
security scanners.
   
   ## How to read it
   
   Every claim is provenance-tagged: *(documented)* (from Fory's own 
docs/repo), *(inferred)* (reasoned from the architecture, **not yet 
confirmed**), *(maintainer)* (confirmed by the PMC). This v0 is ~20 documented 
/ ~26 inferred. The **§14 Open questions** section collects every inferred 
claim into waves for the PMC to confirm or correct — that is where review time 
is best spent. The highest-impact ones:
   
   - whether "under the default `requireClassRegistration(true)`, only 
registered types are instantiated from untrusted bytes" is a committed 
property, and whether findings that require `requireClassRegistration(false)` 
are out-of-model / non-default (wave 1);
   - per-language memory safety on malformed input — in particular the C++ 
decoder (wave 2);
   - the cross-language (xlang) peer-trust assumption and the resource/DoS line 
beyond `maxDepth` (waves 2).
   
   Nothing here is a requirement — the model is for the PMC to own. Comment 
inline, edit the branch, or reply on the email thread.
   
   ## AI Usage Disclosure
   
   - **Substantial AI assistance: yes.**
   - **What:** `THREAT_MODEL.md` was drafted by the ASF Security team's 
threat-model tooling (Claude) from Apache Fory's public documentation and 
repository, following the Scovetta rubric. `SECURITY.md` and the `AGENTS.md` 
Security section are templated scaffolding.
   - **Review model:** the document is deliberately presented as a *draft for 
line-by-line maintainer review* — every claim carries a provenance tag, and all 
unverified *(inferred)* claims are surfaced as explicit open questions (§14) 
for the PMC to ratify, correct, or strike. It is not offered as finished or 
authoritative content.
   - **Provenance / licensing:** content is original to this engagement, 
carries the ASF license header, and is intended to comply with the [ASF 
Generative Tooling 
Guidance](https://www.apache.org/legal/generative-tooling.html).
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to