Skip to content

[Feature]: Threat model review of MEF based extensibility framework. #345

New issue
New issue
Open
Open
[Feature]: Threat model review of MEF based extensibility framework.#345
Labels
enhancementNew feature or request
Milestone
Public Preview
@pvillads

Description

@pvillads
pvillads
opened on Jun 12, 2024

Is your feature request related to a problem? Please describe.

The extensibility framework relies on MEF to load assemblies with extensions. This is not new: The same thing is currently done by the pac.exe tool. However, we need to get a signoff of the model that we use to load assemblies. If we decide that some addins have to be signed, then the strength of those checks need to be reviewed.

Describe the solution you'd like

A threat model must be created and a safety review have to be performed.

Describe alternatives you've considered

There are no alternatives. This deliverable can only be closed when the review has been performed.

Additional context?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions