@juanrh and I have been working on a ROS 2 threat model for a few weeks.
I opened a PR to merge this doc today: https://github.com/ros2/design/pull/218
We already had a lot of great feedback but we’re always looking for more input.
For context, the objective of this work is double:
- Provide a framework to evaluate whether a commercial robotic products built with ROS 2 is secure.
- Help drive ROS 2 security enhancements.
We will also announce in a few days a security working group meeting to discuss the document content with anyone interested.