
[Project] "Applied Research" Subactivity

Open JustinCappos opened this issue 2 years ago • 1 comments

Description: The STAG group members often have good ideas they want to get out to the broader community. We've started to write up blog entries, etc. It may be useful to have a process to have them come out from STAG and be marketed as such.

Here is an example article: https://thenewstack.io/security-of-software-update-systems-in-2023/

Impact: This will help others get security awareness and bring in new contributors to TAG Security.

Scope: It will take a week to a month for the authors of each post depending on the content. There will be some minor work for the organizers to choose the topics and coordinate logistics. Most likely the group will publish 3-4 of these a year so that work will not be onerous.

Intent to lead:

  • [X] I volunteer to be a project lead on this proposal if the community is interested in pursuing this work. This statement of intent does not preclude others from co-leading or becoming lead in my stead. (I nominate @anvega to potentially take this over if he is interested)

Proposal to Project:

  • [X] Added to the planned meeting template for August 30th
  • [X] Raised in a Security TAG meeting to determine interest - August 30th
  • [ ] Collaborators comment on issue to determine interest and nominate project lead
  • [ ] Scope determined via meeting mm dd and/or shared document add link with call for participation in #tag-security slack channel thread add link and mailing list email add link
  • [ ] Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

  • [X] Security TAG Leadership Representative: @JustinCappos @anvega
  • [X] Project leader(s): @JustinCappos @anvega
  • [ ] Issue is assigned to project leaders and Security TAG Leadership Representative
  • [ ] Project Members:
  • [ ] Fill in additional TODO items here so the project team and community can see progress!
  • [ ] Scope
  • [ ] Deliverable(s)
  • [ ] Project Schedule
  • [ ] Slack Channel (as needed)
  • [ ] Meeting Time & Day:
  • [ ] Meeting Notes (link)
  • [ ] Meeting Details (zoom or hangouts link)
  • [ ] Retrospective

JustinCappos, Aug 30 '23 17:08

Happy to assist with blog research and writing. I have experience as a graduate research student and am currently working on multiple CNCF security projects.

torinvdb, Aug 30 '23 18:08

Formalized this project as a working group in https://github.com/cncf/tag-security/pull/1271

I'll be creating a new issue with the next research target and updating the research directory with potential future projects. We've started on, focusing on the state of the new NIST lattice-based algorithms and post-quantum crypto. Specifically, I'm examining liboqs, which has made significant progress with forks of OpenSSL and BoringSSL. However, there are still challenges with handling the large key and signature sizes. Additionally, I'm looking into a few projects that aim to integrate this into ecosystem projects.

anvega, Jun 11 '24 23:06