OpenSSF Best Practices: Assemble a security assurance case

[adam-wolfe]

Is your feature or enhancement request related to a problem or limitation? Please describe

In order to comply with the requirements of the OpenSSF Best Practices Silver Badge, we must provide documented justification for how our security requirements are met.

This assurance case must include:

• a description of the threat model;
• identification of trust boundaries;
• an argument that secure design principles have been applied; and
• an argument that common implementation security weaknesses have been countered.

Provide any additional context

Closely related to https://github.com/zowe/zowe-cli/issues/1761

See https://owasp.org/www-community/Threat_Modeling_Process for information on threat modeling and trust boundaries.

[github-actions[bot]]

Thank you for raising this enhancement request. The community has 90 days to vote on it. If the enhancement receives at least 5 upvotes, it is added to our development backlog. If it receives fewer votes, the issue is closed.