Update threat model #603

@ch1bo

Why

Citing OWASP on threat modeling:

Threat modeling is best applied continuously throughout a software development project. The process is essentially the same at different levels of abstraction, although the information gets more and more granular throughout the lifecycle. Ideally, a high-level threat model should be defined early on in the concept or planning phase, and then refined throughout the lifecycle. As more details are added to the system, new attack vectors are created and exposed. The ongoing threat modeling process should examine, diagnose, and address these threats.

We had written up threat models throughout the R&D phase (tech report #1, #2 and threat-model.md), and should keep up the practice by updating the threat model to our latest understanding. Also, 2-3 prominent threats are often discussed and influence our technical design - we should describe them in detail.

What

  • Highlight key threats and risks in the technical design document
  • Update the threat model
  • TBD: do updates about performance and quality assurance as part of this (as mitigations)?
