| title | description | sidebar_position | author | ms.date | ms.topic | keywords | estimated_reading_time |
|---|---|---|---|---|---|---|---|
| Security Documentation | Index of security documentation including threat model and assurance case for HVE Core | 1 | Microsoft | 2026-03-01 | overview | | 2 |

This directory contains security documentation for HVE Core, demonstrating defense-in-depth security practices.
| Document | Description |
|---|---|
| Threat Model | Comprehensive threat model and security assurance case |
| Dependency Pinning | Pinning strategies and CI enforcement for all dependency types |
| SBOM Verification | SBOM attestation verification and consumption guide |
| SECURITY.md | Vulnerability disclosure and reporting process |
HVE Core is an enterprise prompt engineering framework that:
- Contains no runtime services or user data storage
- Operates as development-time tooling consumed by GitHub Copilot
- Relies on defense-in-depth with 20+ automated security controls
The threat model documents:
- 36 threats across STRIDE, AI-specific, and Responsible AI categories
- Security controls mapped to each threat
- MCP server trust analysis
- Quantitative security metrics
- GSN-style assurance argument
- Branch Protection: Repository protection configuration
- MCP Configuration: MCP server setup and trust guidance
- GOVERNANCE.md: Project governance and maintainer roles
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.