ROS 2 Threat Model

Hi everyone,
@juanrh and I have been working on a ROS 2 threat model for a few weeks.

I opened a PR to merge this doc today:

We already had a lot of great feedback but we’re always looking for more input.

For context, the objective of this work is double:

  1. Provide a framework to evaluate whether a commercial robotic products built with ROS 2 is secure.
  2. Help drive ROS 2 security enhancements.

We will also announce in a few days a security working group meeting to discuss the document content with anyone interested.