Skip to content

New threat model: cycle tracker app#43622

Merged
Elchi3 merged 9 commits intomainfrom
TM_PWA
Apr 29, 2026
Merged

New threat model: cycle tracker app#43622
Elchi3 merged 9 commits intomainfrom
TM_PWA

Conversation

@estelle
Copy link
Copy Markdown
Member

@estelle estelle commented Mar 30, 2026
edited
Loading

threat model example

I didn't add any links to this yet. Want to make sure it's something we actually want to include before doing the additional work

retated to the #42980 PR
@estelle estelle requested a review from a team as a code owner March 30, 2026 11:48
@estelle estelle requested review from hamishwillee and removed request for a team March 30, 2026 11:48
@github-actions github-actions Bot added the Content:Security Security docs label Mar 30, 2026
@estelle estelle requested a review from Elchi3 March 30, 2026 11:48
@github-actions github-actions Bot added the size/m [PR only] 51-500 LoC changed label Mar 30, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 30, 2026
edited
Loading

Preview URLs (1 page)

External URLs (1)

URL: /en-US/docs/Web/Security/Threat_modeling/PWA_threat_model
Title: PWA example threat model

(comment last updated: 2026-04-24 12:35:20)
hamishwillee
hamishwillee reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@hamishwillee hamishwillee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW I would not replace the proposed threat model with this but it does not hurt to have multiple theat model examples. This could reasonably live alongside the other example OR it could be part of the Cycle tracker docs as "the threat model", not "an example". That might even be cool as a demonstration of best practise.

@estelle @Elchi3 Really up to you two to decide whether you want to do this. I'll review it in detail if you decide you want to include it.
@estelle
Copy link
Copy Markdown
Member Author

estelle commented Apr 7, 2026

FWIW I would not replace the proposed threat model with this but it does not hurt to have multiple theat model examples. This could reasonably live alongside the other example OR it could be part of the Cycle tracker docs as "the threat model", not "an example". That might even be cool as a demonstration of best practise.

Completely agree. My thoughts exactly. Either as a second (or third) example in the security area, or likely living within the PWA section when we start adding security and privacy best practices to all our content like we do a11y.

My thought as a "third" was that creating a threat model for a regular menstrual tracking app might be useful to show how threats can really be dangerous, and hilighting why the PWA is a good solution. But that kind of goes beyond MDN scope... though such an exercise might be a good way of demonstrating WHY we do threat models.
@hamishwillee
Copy link
Copy Markdown
Collaborator

hamishwillee commented Apr 10, 2026

n exercise might be a good way of demonstrating WHY we do threat models.

Yeah, there are genuine threats in this use case. Still think @Elchi3 should review first, mostly because I'm way behind on my FF docs - also because he has a much better view of threat models.
Elchi3
Elchi3 requested changes Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Elchi3 Elchi3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review for "1. What are we working on?"
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
estelle and others added 4 commits April 24, 2026 11:18
@estelle @Elchi3
Apply suggestions from code review
13e061b 
Co-authored-by: Florian Scholz <fs@florianscholz.com>
@estelle
Fix table formatting and update threat IDs
1b3610e
@estelle @github-actions
Apply suggestions from code review
31d64e5 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@estelle
Update data flows and identified threats sections
c20942d
@estelle estelle requested a review from Elchi3 April 24, 2026 09:31
github-actions[bot]
github-actions Bot reviewed Apr 24, 2026
View reviewed changes
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
Comment thread files/en-us/web/security/threat_modeling/pwa_threat_model/index.md Outdated
@estelle @github-actions
Apply suggestions from code review
e523423 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Elchi3
Elchi3 approved these changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Elchi3 Elchi3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Estelle! 👍
@Elchi3 Elchi3 merged commit f0cf648 into main Apr 29, 2026
13 checks passed
@Elchi3 Elchi3 deleted the TM_PWA branch April 29, 2026 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Content:Security Security docs size/m [PR only] 51-500 LoC changed

4 participants

@estelle @hamishwillee @Elchi3 @mdn-bot