Security process documents

etc/security/README.md


Note: To report a vulnerability, see the security policy, which can also be read in the top-level SECURITY.md.

The documents in this directory are things we use when managing vulnerabilities:

Incident Response Plan

  • irp.md is our incident response plan.

Threat Model

  • threat-model.md is our provisional threat model outline.

  • threat-model-notes.md contains some notes, in a different form, that have informed it. These notes overlap significantly with threat-model.md, but may occasionally be useful to refer to. (They are less detailed in some significant ways, including not mentioning all significant concerns and not indicating STRIDE categories.)