Define a clear threat model for this project
#3287 opened on Apr 24, 2025
Description
A threat model should be defined in order to have discussions about security features.
Who's implementing?
- I'm willing to implement this feature myself
The problem
It's been made clear that this project has no clearly defined threat model against which to weigh security options. This is explicitly preventing any discussions on potentially lacking security features from being taken seriously. Even the concept of just informing users of the current state of security seems off limits.
@PF4Public has said:
> Any discussion that does not consider a clear and defined threat model is not serious to me
Therefore the lack of a clear and defined threat model should be remedied, and this model made public, in order to have serious discussions about security.
This issue blocks https://github.com/ungoogled-software/ungoogled-chromium/issues/2719 and may block any other security-related issues that have been brought up.
Possible solutions
I'd offer suggestions (and have) but it's been made clear that doing so is not welcome, so I believe this is something that the maintainers will need to discuss and define themselves.
Alternatives
Leave users in the dark about what security features are lacking and why, and continue to preemptively dismiss all security-related discussions because there is no threat model yet.
Additional context
I believe this "enhancement" is critical for a browser development team.