
Review OpenSSF Threat models #19

Open

APM05 opened this issue Aug 28, 2023 · 3 comments

Comments

@APM05

APM05 commented Aug 28, 2023

https://docs.google.com/document/d/1lLCsT0a5vp6FcvquWPzx8AzhFMORyw-4rd9WSyUO9zI/edit?usp=sharing

@henrikplate

I made several changes and additions to the threat modelling document. It is still a draft, incomplete, etc., but better than the previous version (which, frankly, did not receive a lot of love beyond the changes made during the actual workshop sessions).

Maybe you have some time to review/comment/approve those changes, esp. concerning

  • the description of trust boundaries and related works,
  • the re-grouping of threats into two main groups in section "Threats": those resulting from the consumption of 3P code and components (and leading to initial access to some system), and all others that kind of follow such initial access (i.e. assume the infection of some dev-related systems, esp. developer machines) or describe other things that can go wrong with internal data flows,
  • the individual threat tables up until page 12, which exemplify the level of detail and content I would expect in the document (note that the ones after p. 12 are much more drafty; no need to look at those at this point)

It would be great to discuss any questions during tomorrow's WG meeting or next week Monday during the TM workshop.

@APM05

APM05 commented Sep 27, 2023

A suggestion is to have the content split up for volunteers to take up and review, instead of the whole doc. Can we have a few volunteers to help do the review, so we can get this moving?

@APM05

APM05 commented Oct 4, 2023

Suggestion: we should think in terms of generating OSCAL as the output of the threat modelling.

2 participants