This helps establish a clean separation between **Python-specific security threats** (those tied to the language, its standard library, or common Python idioms) and **general threats** (those that could affect software regardless of implementation language).

This threat model covers **a software program written in Python**.

The Python program may provide functionality in one or both of the following ways:

- indirectly, by offering reusable components to other Python programs (as a **module**, **library**, **framework**, or similar), or

- directly, by delivering end-user functionality (CLI tool, GUI application, web service, script, etc.).

This scope intentionally excludes:

- non-Python components or ecosystems (C extensions are considered only to the extent that they interact with the Python layer in a security-relevant way).