Creating an app to manage a shared community budget is fun, but it would not be much fun to watch those funds stolen by criminals or drained by fraudsters. Let us think through the possible external and internal threats and the ways to address them.
Do not expect a rough, throwaway hackathon model to hold water in a real-world scenario.
Scope
What are we building? (Components, attack surface)
What can go wrong? (STRIDE threat model)
What are we going to do about that?
Did we do a good job when modeling?
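As an added example (not part of this bounty and not the project's own code), the four scope questions above can be worked through for a hypothetical budget app with a few dozen lines of Python: declare the components and data flows, let the STRIDE-per-element table (external entity: S, R; process: all six; data store: T, R, I, D; data flow: T, I, D) decide which threat categories apply, record a mitigation per threat, and flag anything left unaddressed. The element names and mitigations are assumptions made for illustration, not the real architecture.

```python
"""Lightweight STRIDE-per-element threat model for a community budget app.

Hypothetical example: the element names and mitigations below are assumptions
made for illustration, not the project's real architecture.
"""
from dataclasses import dataclass, field
from enum import Enum


class Kind(Enum):
    EXTERNAL = "external entity"  # people or systems outside our control
    PROCESS = "process"           # code we run
    STORE = "data store"          # database, ledger, file
    FLOW = "data flow"            # data moving between elements


# STRIDE-per-element: which categories to consider for each element kind.
# S)poofing T)ampering R)epudiation I)nfo disclosure D)enial of service E)levation
STRIDE_PER_ELEMENT = {
    Kind.EXTERNAL: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.STORE: "TRID",
    Kind.FLOW: "TID",
}

STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass
class Element:
    name: str
    kind: Kind
    # letter -> mitigation; a missing letter is an unaddressed threat
    mitigations: dict = field(default_factory=dict)


def enumerate_threats(elements):
    """Question 2: every (element, category) pair STRIDE says to consider."""
    return [(e, letter) for e in elements for letter in STRIDE_PER_ELEMENT[e.kind]]


def unmitigated(elements):
    """Question 4: applicable threats that have no recorded mitigation."""
    return [(e.name, STRIDE_NAMES[letter])
            for e, letter in enumerate_threats(elements)
            if letter not in e.mitigations]


def render(elements):
    """Deliverable: the lightweight threat document as a markdown table."""
    rows = ["| Element | Kind | Threat | Mitigation |", "|---|---|---|---|"]
    for e, letter in enumerate_threats(elements):
        rows.append(f"| {e.name} | {e.kind.value} | {STRIDE_NAMES[letter]} "
                    f"| {e.mitigations.get(letter, '**TODO**')} |")
    return "\n".join(rows)


# Question 1: what are we building? (constructed model of a budget app)
BUDGET_APP = [
    Element("Community member", Kind.EXTERNAL, {
        "S": "passkey or OTP login; no shared accounts",
        "R": "every vote and spend request is logged with user id and time"}),
    Element("Budget API", Kind.PROCESS, {
        "S": "session tokens bound to one user, short lifetime",
        "T": "amounts and recipients validated server-side",
        "R": "append-only audit log of each approval",
        "I": "per-member authorization on every read",
        "D": "rate limits on spend and vote endpoints",
        "E": "member/treasurer role checks enforced on the server, not in the UI"}),
    Element("Ledger DB", Kind.STORE, {
        "T": "ledger entries are insert-only; balances are derived, never edited",
        "I": "encrypted at rest; credentials kept out of the repo",
        "D": "backups plus a restore drill"}),  # 'R' deliberately left out
    Element("Payout request (member -> API)", Kind.FLOW, {
        "T": "TLS; amount and recipient re-confirmed server-side",
        "I": "TLS",
        "D": "idempotency keys so a retried request cannot pay twice"}),
]

if __name__ == "__main__":
    print(render(BUDGET_APP))
    for name, threat in unmitigated(BUDGET_APP):
        print(f"UNMITIGATED: {name}: {threat}")
```

Running it prints the table for the deliverable and one `UNMITIGATED: Ledger DB: Repudiation` line, which is the point of question 4: the table is only done when that list is empty or every remaining entry has a written reason for accepting the risk.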
Deliverables
Lightweight document on possible threats and how to prevent them.
Bounty
Gain for the project
No angry users asking where the money went.
Roles
bounty gardener: @DistributedDoge
bounty worker: @DistributedDoge
bounty reviewer: name / share