Add threat model, goals, objectives #317
Conversation
These are hinted at, but they should be clearly stated. This will make it much easier to justify the options below (including future options). Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
|
I think this should be introduced together with changes that address #283. I would also expect mitigating memory-safety issues to be mentioned in the threat model. I would argue that is a more obvious use of the guide, but I don't have any objections for addressing underhanded code too in the threat model. |
With respect, I think this needs to be added first. First, we need to make sure people understand the goals - otherwise it's not obvious why changes support the goals.
That's a good idea. I think I can add a sentence at the end of a paragraph to make that clear without adding a lot of text. |
Per review by @thomasnyman - tweak the proposed threat model text to specifically note memory safety. It's a key point, and many readers would probably expect us to mention the issue here. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
|
thomasnyman - I've added a sentence to expressly note the importance of memory safety. I made a few minor tweaks in this section since I was there anyway. |
|
Note: I view this PR as a blocker for #283 . Until we agree on the threat model we're supporting, it's hard to determine whether or not some specific flags are relevant. |
|
Turned inline links into references in footnotes to be consistent with the established style. |
Signed-off-by: Thomas Nyman <thomas.nyman@ericsson.com>
4204e22 to
6dff9b8
Compare
|
Fixed broken link to Wikipedia article introduced in 6dff9b8 |
These are hinted at, but they should be clearly stated. This will make it much easier to justify the options below (including future options).