# Nova Rewards — Security Documentation

This directory contains the security posture documentation for the Nova Rewards platform.

## Documents

| Document | Description |
|----------|-------------|
| [Threat Model](./threat-model.md) | STRIDE analysis of threats across contracts, API, frontend, and infrastructure |
| [Incident Response Plan](./incident-response-plan.md) | Severity classification, response phases, and playbooks for common incident types |
| [Security Best Practices](./security-best-practices.md) | Coding and operational standards for contracts, backend, frontend, and infrastructure |

## Quick Reference

**Suspected active incident?** → Follow the [Incident Response Plan](./incident-response-plan.md)

**Starting a new feature?** → Review [Security Best Practices](./security-best-practices.md) for your layer

**Threat assessment for a change?** → Reference the [Threat Model](./threat-model.md)

**Audit reports** → See [`/docs/audits/`](../audits/README.md)