Cole-Greer opened a new pull request, #3450: URL: https://github.com/apache/tinkerpop/pull/3450
This is a twin of #3449, to fork the proposed threat model for 3.7/3.8 Websockets+bytecode, from the 4 HTTP+scripts model. This branch should receive edits targeting 3.7/3.8, while the original PR should be adjusted solely for TinkerPop 4. Adds a draft THREAT_MODEL.md for Apache TinkerPop, a SECURITY.md pointing to it, and a ## Security section in AGENTS.md, so automated security scanners (and researchers) can mechanically discover the project's threat model via the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md chain. The threat model is a v0 draft authored by the ASF Security team for the PMC to own and refine. It follows a standard rubric (scope, trust boundaries, adversary model, security properties provided / not provided, downstream responsibilities, known non-findings, triage dispositions). Every claim carries a provenance tag — *(documented)* / *(inferred)* / *(maintainer)* — and every *(inferred)* claim routes to a numbered question in §14 for the PMC to confirm, correct, or strike. The highest-value items to confirm: the default authentication/TLS posture, the script-execution disposition (string scripts run through the Groovy engine), and the Gryo/serialization handling. THREAT_MODEL.md and SECURITY.md carry the ASF license header; AGENTS.md is RAT-excluded. No code or behaviour changes — documentation only. This is a proposal for the PMC to review — please adjust, correct, or reject as needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
