Closed
Labels: documentation, enhancement
Description
The OSSF Silver badge requires projects to have a documented security assurance case that justifies why the software is secure. This typically includes a threat model.
OSSF Criterion: assurance_case (MUST)
Reference: https://www.bestpractices.dev/en/projects/11532?criteria_level=1#assurance_case
Current Gap
| Criterion | Requirement | Current State |
|---|---|---|
| `assurance_case` | Document security assurance case | No threat model or assurance case found |
Proposed Deliverable
Create docs/security/threat-model.md with threat model and security assurance case.
Document Structure
1. Project Security Context
- Project purpose and scope
- Trust boundaries
- Assets to protect
2. Threat Model
- Threat actors and their capabilities
- Attack surfaces
- STRIDE or similar threat categorization
3. Security Controls
- Existing security measures
- How each threat is mitigated
- Defense in depth approach
4. Assurance Argument
- Why the project is secure given its design
- Assumptions and limitations
- Ongoing security practices
Acceptance Criteria
- Create `docs/security/` directory if not exists
- Create `docs/security/threat-model.md`
- Document project trust boundaries
- Identify and categorize potential threats
- Map existing controls to threats:
  - Dependency scanning (Dependabot, dependency-review)
  - SAST (CodeQL)
  - Pinned action SHA versions
  - Branch protection
- Provide assurance argument for project security posture
- Link threat model from SECURITY.md
- Update OSSF badge form to mark `assurance_case` as Met
Additional Context
- OSSF Badge Project: https://www.bestpractices.dev/en/projects/11532
- See SECURITY.md for existing security documentation
- Threat modeling reference: https://owasp.org/www-community/Threat_Modeling
- This project primarily processes local files and produces guidance artifacts - attack surface is limited