STRIDE Threat Model for EdgeX v3

[nyameen]

Hello EdgeX community,

I was reading through some of the V3 Migration guides and saw a mention to a STRIDE threat model for EdgeX v3. When referring to the report, it shows a threat model for version 2.2.

Are there any plans to update the model to reflect version 3.0?

Thank you!

[bnevis-i]

Are there any plans to update the model to reflect version 3.0?

No. The STRIDE threat model was done as an outside-in view, and isn't sufficiently detailed to capture the internal architecture of EdgeX. Some of the big changes in EdgeX 3.0, like changing to a different API gateway, or adding internal microservice authentication, wouldn't be reflected in the threat model due to that reason, and are essentially swapping out one component for another.