feat(doc): #919 threat model

docs/src/SUMMARY.md

@@ -11,3 +11,4 @@ SPDX-License-Identifier: MIT
 - [Security](./security/README.md)
   - [Software Assurance](./security/assurance.md)
   - [SLSA](./security/slsa.md)
+  - [Threat Model](./security/threat-model.md)

docs/src/security/README.md

@@ -6,4 +6,10 @@ SPDX-License-Identifier: MIT
 
 # Security
 
-This section evaluates Makes using various standards.
+This section evaluates Makes using various standards
+and tries to address the security of Makes as an ecosystem
+using the three following categories:
+
+- Security of using the Makes CLI.
+- Security of the software built using Makes.
+- Security of Makes as a software project.

docs/src/security/threat-model.md

@@ -0,0 +1,47 @@
+<!--
+SPDX-FileCopyrightText: 2022 Fluid Attacks and Makes contributors
+
+SPDX-License-Identifier: MIT
+-->
+
+# Threat Model
+
+## Spoofing
+
+- A user can mistype the Makes installation command
+  and wrongly install a different (potentially malicious) tool.
+
+  Mitigation:
+
+  - The installation command is given in plain-text,
+    users can copy-paste it to avoid typos.
+
+- A user can mistype the target project to be built with Makes,
+  and end-up building (and potentially running)
+  a different (potentially malicious) project.
+
+  Mitigation:
+
+  - The most common use case
+    (running makes on the project in the current working directory)
+    has a very convenient syntax: `$ m .`,
+    which is very unlikely to be mistyped.
+  - When referencing a project over the internet,
+    the user is forced to use a git provider (github/gitlab),
+    the owner account (which should be trusted by the user),
+    the target repository,
+    and a branch, commit or tag.
+
+    By using a commit,
+    the user can force the integrity of the downloaded data
+    to match what they expect.
+
+## Tampering
+
+## Repudiation
+
+## Information Disclosure
+
+## Denial of Service
+
+## Elevation of Privileges