doc: add Node.js Threat Model
Reference: https://github.com/nodejs/security-wg/issues/799 Following up: https://github.com/nodejs/nodejs.org/pull/4896
This is another Security WG initiative. We've been actively working on that and finally, we have something to share.
This document was created aiming to provide context on what will/will not be considered a vulnerability in Node.js, targeting Security Researchers, as well as serve as a guide for application security operations in support of development teams building on top of the Node.js platform.
cc: @nodejs/security @nodejs/security-wg @nodejs/tsc
Co-authored-by: Michael Dawson midawson@redhat.com Co-authored-by: Facundo Tuesca facundo.tuesca@trailofbits.com Co-authored-by: Ulises Gascon UlisesGascon@users.noreply.github.com Co-authored-by: Thomas Gentilhomme gentilhomme.thomas@gmail.com