From 3f4a8a000cedfc674411a99550bfb91345d73d88 Mon Sep 17 00:00:00 2001 From: Tom Hennen Date: Tue, 10 Dec 2024 19:52:50 +0000 Subject: [PATCH] add Build Environment Track reference Signed-off-by: Tom Hennen --- docs/spec/draft/threats.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/spec/draft/threats.md b/docs/spec/draft/threats.md index 5a2444161..b13e6f86f 100644 --- a/docs/spec/draft/threats.md +++ b/docs/spec/draft/threats.md @@ -869,7 +869,9 @@ output artifact. *Mitigation:* This can be partially mitigated by treating build tooling, including OS images, as any other artifact to be verified prior to use. The threats described in this document apply recursively to build tooling -as do the mitigations and examples. +as do the mitigations and examples. A future +[Build Environment track](future-directions#build-environment-track) may +provide more comprehensive guidance on how to address this threat. *Example:* MyPackage is a tarball containing an ELF executable, created by running `/usr/bin/tar` during its build process. An adversary compromises the
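Review bot: The link added to the mitigation paragraph, `future-directions#build-environment-track`, targets an anchor in a file this patch does not touch. Please confirm that the draft `future-directions` page has a heading that produces `#build-environment-track`, and that the extensionless relative path resolves from `docs/spec/draft/threats.md` in the rendered site. Two smaller points on the same sentence: the commit subject writes "Build Environment Track" while the link text writes "Build Environment track", so settle on one capitalization. Also, "this threat" follows a sentence about threats (plural) applying recursively to build tooling, so consider naming the threat explicitly instead of relying on "this".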