content: refactor threat diagram and add overview #1057
I think this split is valuable, though I think the distinction between "producer submits bad code" and "authoring", i.e. someone introduces a code change through official interfaces. Is this about first- vs. third-party changes? A distinction I often draw between producer/entity threats and authoring threats is that producer threats are often tied to credential compromises, while authoring is about the intentional introduction of bad/malicious code.
That was not my intent, though I think your description is more in line with what @david-a-wheeler was saying. So we need to align on the model.
I rewrote the paragraph above to hopefully better explain the difference, and added a corresponding paragraph to (A). Does that help?
The reason why I think this is a useful split is because it's grouping by mitigation. In (A) code review won't help, in (B) it will to some degree.
Yes, I think the distinction between (A) and (B) is a little clearer now, thanks!
The part about the producer practices in (A) is still a bit unclear, though. The first paragraph says "or the producer otherwise uses practices that are not deserving of the consumer's trust", while the threat description below says "Software producer intentionally submits 'bad' code, following all proper processes". I think this is why I thought earlier that (A) was about bad first-party code, but it sounds like (A) rather covers producer threats that aren't related to code changes. In that case, I can see compromised producer credentials fitting as a threat category under (A).
That said, I'm fine with merging the current iteration of threats (A) and (B) with possible TODOs for further details and/or examples on the distinction between the two.
Thanks. I agree it's still a bit fuzzy. I moved the TODO from (B) up to (A) and expanded it a bit to talk about compromised developer credentials, which I agree is unclear where it should go.
I'll submit now and we can hopefully improve over time :)
Thanks for the help!