Replies: 1 comment 1 reply
-
|
@pjbgf wdyt? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Hey @makkes I think that would make sense. At the time, we created a threat model which is linked within the Multi-tenancy security self-assessment we created for the CNCF Tag Security. That was primarily focused on multi-tenancy threats and concerns at the time, some of which have since been mitigated. I definitely think there is value in reviewing it and making it public in a more consumeable format. Although I am really struggling with time lately, ping me and I would be more than happy to review it. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The Security Best Practices page currently explains how to securely configure Flux and under "Rationale" provides a bit of explanation on the background of each setting. However, there is no clear threat model mentioned on that page that would help users understand the exact circumstances under which the misconfiguration of that specific setting could be exploited.
I suggest a more concise threat description (e.g. using the STRIDE technique) to be added to each setting mentioned on the best practices page.
Beta Was this translation helpful? Give feedback.
All reactions