security: Include a threat model (#6026)

* docs: add a reference to the threat model * docs: add a threat model
2026-01-29 06:27:49 +00:00 · 2025-10-27 11:30:56 +01:00
parent 717fe4f37c
commit 20c530121e
2 changed files with 88 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,6 +12,12 @@ supported with security updates:
 | 2.x   | :x:                  |
 | 1.x   | :x:                  |

+## Threat Model
+
+To better understand which classes of vulnerabilities are considered in-scope or out-of-scope for Lodash, please review the [Lodash Threat Model](./threat-model.md).
+
+The threat model defines Lodash’s trust boundaries and clarifies how security issues are assessed for triage and disclosure.
+
 ## Responsible disclosure security policy

 A responsible disclosure policy helps protect users of the project from publicly