Note
This technote is not yet published.
SQuaRE runs project infrastructure and multiple security-sensitive services, and SQuaRE team members have substantial access permissions. This tech note proposes a threat model for analyzing SQuaRE-related security risks, catalogs known gaps under that threat model, and recommends mitigations for those gaps.