jrvanwhy
commented
2 weeks ago This makes sense to me, but what's less clear from this new text is that a "process" is an instance of an "application". Is that still true, and is that unconditionally true? Are there any processes that are not instances of applications?
Yes, that is still true, because every process has an application ID. I added a sentence to the text clarifying that.
The threat model was written before the application ID TRD. It left the definition of "application" open for future definition. The application ID TRD solidified that definition; this updates the threat model to match.
Rendered