FINERACT-2636: create threat model#5975

Merged
meonkeys merged 11 commits into apache:develop from meonkeys:add-security-policy on Jun 27, 2026
Conversation

@meonkeys

Contributor

Description

FINERACT-2636

Checklist

Please make sure these boxes are checked before submitting your pull request - thanks!

  • Write the commit message as per our guidelines
  • Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
  • Create/update unit or integration tests for verifying the changes made.
  • Follow our coding conventions.
  • Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
  • This PR must not be a "code dump". Large changes can be made in a branch, with assistance. Ask for help on the developer mailing list.

Your assigned reviewer(s) will follow our guidelines for code reviews.

@meonkeys meonkeys force-pushed the add-security-policy branch from 07a76b2 to 5318c8a on June 10, 2026 22:55

Comment thread on SECURITY.md (outdated)

@meonkeys meonkeys force-pushed the add-security-policy branch from d13f288 to 17cd583 on June 18, 2026 22:08
meonkeys added 11 commits June 26, 2026 14:16

asciidoctor was guessing Java

While somewhat tangential to the threat model, it's important we
continue to make these kinds of changes so operators are well aware we
officially support only one RDBMS (per FSIP-9).

self-service was removed

See: FINERACT-2283, PR apache#4671, FINERACT-2480, PR apache#5498

It was just taking up space. If we want one we should generate it once
we're done drafting/editing.

Suggested by Aman Mittal.

Maybe simplified. I still don't really get it.

model: Sonnet 4.6

I told Claude

> Help! I'm stuck. On this branch I've created `SECURITY.md` with a lot
> of help from AIs. This file is our threat model, which we believe will
> help us (the Apache Fineract project / PMC) get more
> effective/accurate AI security scans. Right now it's too complicated
> and jargon-y. I want to reduce it to something that is (a) useful,
> containing (b) only those claims I can understand and support. I'm not
> a security expert so it might need to be culled down a lot. Apache
> would prefer that the basic structure (sections §1 through §15) remain
> the same, but it's more important to me that I can, again, understand
> and support the entire thing, even if this means simplifying the model
> beyond that basic structure.

It replied

> This is a substantial document. Let me analyze it before
> proposing edits — the main sources of complexity are: (1) the provenance
> tracking system (documented)/(inferred), (2) jargon like "OpenFAIR TEF,"
> "ArchiMate," "Byzantine/honest-fraction threshold," and (3) ~42
> "inferred" claims that are AI guesses, not verified facts.
>
> My plan: strip the provenance legend and confidence counts, remove all
> unsupported "inferred" speculative claims, remove jargon terms,
> simplify §14 (open questions without speculative "proposed answers"),
> and remove §15. I'll keep §1–§15 structure. Want me to proceed with
> this rewrite?

I said Yes and crossed my fingers.

It asked

> How should I handle the ~42 "inferred" claims that are AI guesses not
> verified by anyone?

I selected: Keep obvious inferred claims

It asked

> What should happen to §14 (Open Questions for Maintainers)?

I selected: Remove §14 entirely

It said

> Got it. I'll:
>
> - Keep obvious inferred claims (JVM memory safety, etc.), cut the
>   speculative ones (honest-fraction thresholds, FPU state, etc.)
> - Remove §14 entirely
> - Strip the provenance legend, draft confidence count, and jargon
>   (OpenFAIR TEF, ArchiMate, Byzantine)
> - Keep §1–§13, §15
>
> Writing the simplified version now.
>
> Updated SECURITY.md +149 -279
>
> Done. Here's a summary of what changed:
>
> Removed entirely:
>
> - Provenance legend (documented)/(maintainer)/(inferred) and the draft
>   confidence count (18/0/42)
> - §14 Open Questions for Maintainers
> - OpenFAIR TEF column from the adversary table
> - "ArchiMate Data Flow View" label from §4
> - "Byzantine / honest-fraction threshold" language from §7
> - Speculative inferred claims (FPU state, sun.misc.Unsafe, "does not
>   spawn child processes" table, etc.)
> - Several speculative §9 disclaimed properties (constant-time
>   comparison, compression bombs, ReDoS, billion-laughs/XXE)
> - "Version binding" and "Reporting cross-reference" from the §1 header
> - The Maintainer stance column from the §5a table
>
> Kept but simplified:
>
> - The per-parameter input table (§6) — kept only CVE-documented rows,
>   dropped business-rule validation rows
> - §8 data integrity table — kept double-entry accounting, dropped the
>   more speculative batch idempotency and business-date rows
> - §9 false-friend properties — kept the four that are well-documented
> - §15 — reduced to two sentences
>
> The document went from ~500 lines to ~290. Every remaining claim is
> either publicly documented (CVEs, README, official docs) or plainly
> obvious (JVM manages memory, TLS encrypts traffic).

Further reduce model to only those claims I feel like I understand and
can support today.

@meonkeys meonkeys force-pushed the add-security-policy branch from 17cd583 to b296ee7 on June 26, 2026 21:16
@meonkeys meonkeys marked this pull request as ready for review June 26, 2026 21:17
@meonkeys meonkeys requested review from terencemo and vidakovic June 26, 2026 21:17

@terencemo terencemo left a comment

Contributor

LGTM

@meonkeys meonkeys merged commit 0b87e48 into apache:develop Jun 27, 2026
21 of 22 checks passed
@meonkeys meonkeys deleted the add-security-policy branch June 27, 2026 14:43