Description
Keeping in mind one of OLMv1's main guiding principles, "Security by default" (https://operator-framework.github.io/operator-controller/), the security posture of both the catalogd and operator-controller projects should be analyzed and a threat model for each of them should be prepared. Those models should then be kept up to date and included in the PR checklist.

CNCF tag-security's Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security might be a good resource to help with that, as well as other resources or discussions (e.g. cncf/tag-security#903) from that group: https://github.com/cncf/tag-security