Pushkar Joglekar
I went through this proposal again today. Couple of comments or requests for pointers: 1. Do we have any prior art in the form of a document that describes a...
@lumjjb thanks for the update. Should we wait until security assessment on cloud custodian goes through and then document the process in terms of roles and responsibilities as described in...
@lumjjb with https://github.com/cncf/tag-security/issues/307 complete, are we ready to revisit this?
Closing and re-opening pull request to test this #970
@lumjjb this PR for some reason needs your approval / withdrawal of your request for changes in the review. Apart from this looks good to merge for me!
@achetal01 should we include SSDF mapping to TAG Security papers, in scope for this proposal too?
It seems there are three topics to get consensus on but largely everyone seems excited about breaking new ground here: - **Who participates in the security assessment?** It feels intuitive...
@TheFoxAtWork glad you asked. We discussed briefly on the kubernetes sig-security call last week and are mostly in alignment with past discussions. Few key points: - We will use kubernetes...
My point of view on conflict of interest is to classify this type of exercise that is done within the confines of a CNCF project, to be a **self-assessment** where...
@rficcaglia and @randomvariable: Thank you for covering the current state already!!