[
https://issues.apache.org/jira/browse/RANGER-5652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Kumar reassigned RANGER-5652:
--------------------------------------
Assignee: Jarek Potiuk
> Add THREAT_MODEL.md + SECURITY.md/AGENTS.md security-model discoverability
> --------------------------------------------------------------------------
>
> Key: RANGER-5652
> URL: https://issues.apache.org/jira/browse/RANGER-5652
> Project: Ranger
> Issue Type: Task
> Components: documentation
> Reporter: Jarek Potiuk
> Assignee: Jarek Potiuk
> Priority: Major
>
> Apache Ranger had no in-repo security-model document or the conventional
> AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability chain that lets
> automated security scanners (and human reviewers) mechanically locate the
> project's threat model.
> PR apache/ranger#994 (merged) adds:
> - THREAT_MODEL.md — a threat model for Ranger's high-value boundaries (policy
> decision/distribution path, admin REST API, per-service plugin trust, KMS),
> reviewed and answered by the Ranger PMC.
> - SECURITY.md — ASF security-process pointer.
> - AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability wiring.
> This issue is filed retroactively to track that change in JIRA per project
> convention, at the PMC's request. The work was drafted by the ASF Security
> team and reviewed/owned by the Ranger PMC.
> PR: https://github.com/apache/ranger/pull/994