example edit, java version, security policy

rusakovichma · May 9, 2022 · 8a1aaf7 · 8a1aaf7
1 parent f6ccf02
commit 8a1aaf7
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/.java-version b/.java-version
@@ -0,0 +1 @@
+11
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If a security vulnerability is identified in TicTaaC please
+open an [issue](https://github.com/rusakovichma/TicTaaC/issues/new/choose)
+and/or submit a PR to resolve the identified vulnerability.
+
+The team is very responsive to reported vulnerabilities - reported issues must be resolved in 30 days or less.
+
+Note - there are several vulnerable test dependencies and test resources. These are never executed or included in a release; these vulnerable resources are present so that the functionality of TicTaaC can be tested.
diff --git a/expl/threat-model/simpest.yml b/expl/threat-model/simpest.yml
@@ -2,15 +2,15 @@ name: Simplest Data Flow for Threat Modeling
 version: 1.0.0
 assets: #We know nothing about application's data
 elements: #Here we describe the main elements of the data flow
-  - user-browser #Application User
-  - application-web-server #Web application server
+  - user-browser #Application's User
+  - application-web-server #Web application's server
   - database #Application's Database
-boundaries: #Here we define data flow diagram boundaries and context
+boundaries: #Here we define the data flow diagram boundaries and the context
   - internet #Users connect to the application from the Internet
     elements:
       - user-browser # Reference to the user element
   - amazon-vpc #Our application in Amazon VPC, for example
-    elements: #Application's components references, in VPC we have...
+    elements: #Application's components references. In VPC we have...
       - application-web-server #Web-server element ...
       - database # ... and the database
 data-flows: #Section for the flows between the elements