Here are links to the threat model and the audit: <a href="https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/" rel="nofollow">https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubern...</a>