...

The development of content is done in the wiki as collaboration platform. At release time the content is transferred to the readthedocs by means of the scripts provided by the documentation project.

The project security docs should consist of two portions:

• Expectations:

What the user can and cannot expect in terms of security from the software produced by the project, that is, the security requirements that the software is intended to meet. It may make include pointers into the project's architecture document.

• Assurances:

The project MUST provide an assurance case that justifies why its security requirements are met. The assurance case MUST include: a description of the threat model, clear identification of trust boundaries, an argument that secure design principles have been applied, and an argument that common implementation security weaknesses have been countered.

Existing security documentation (02. April 2020)

...