Threat model

[vdeturckheim]

In nodejs/node#15564 (comment) @hashseed proposed that a threat model would be defined as framework for evaluating the severity of future vulnerabilities.

What are your opinions on that topic?

[sam-github]

I've never seen a threat-model for a runtime, but I'd imagine python, ruby, and node would all have similar ones, if it was documented anywhere. Does anyone have a reference to another platform's threat model?

I used python's docs as a model for nodejs/node#14485

[vdeturckheim]

I think this is good to close. Feel free to reopen.