Add security threat model (THREAT_MODEL.md) + SECURITY.md/AGENTS.md discoverability#6535
Draft
potiuk wants to merge 1 commit into
Draft
Add security threat model (THREAT_MODEL.md) + SECURITY.md/AGENTS.md discoverability#6535potiuk wants to merge 1 commit into
potiuk wants to merge 1 commit into
Conversation
… discoverability v0 threat model produced by the ASF Security team via threat-model-producer (Michael Scovetta rubric, run with Claude Opus) for the PMC to review, correct, and own. Wires the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain the scan agent follows. Every non-trivial claim is provenance-tagged; open questions for the PMC are collected in THREAT_MODEL.md section 14. Generated-by: Claude Opus 4.8 (1M context)
|
Contributor
|
Thank you! I will check the draft |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds a v0 security threat model + discoverability wiring to
apache/hive, produced by the ASF Security team for the Hive PMC to review and own — the pre-flight step for the Glasswing security scan the PMC opted into.What's here
THREAT_MODEL.md— a v0 model (Michael Scovetta rubric, run with Claude Opus) covering the HiveServer2 SQL front door, the Metastore, and the UDF / SerDe / execution layer: trust boundaries, in/out-of-scope adversaries, what Hive upholds vs. what it leaves to the operator (TLS, authorization-model choice, network isolation, UDF vetting), known non-findings, and triage dispositions. Every non-trivial claim is provenance-tagged(documented)/(maintainer)/(inferred); the(inferred)ones are our hypotheses.SECURITY.md— private reporting viasecurity@hive.apache.org+ a pointer to the model.AGENTS.md— wiresAGENTS.md → SECURITY.md → THREAT_MODEL.mdso the scan agent (and researchers) can mechanically find the model.How to engage — this is a draft to react to, not a finished artifact.
THREAT_MODEL.md§14 collects open questions in waves; answer inline a few at a time, correct anything wrong, and the model becomes the PMC's. Once you're happy, we queue the scan in OSS-criticality order. No deadline pressure with the Mythos 5 window being extended.Generated-by: Claude Opus 4.8 (1M context)