[Initiative] Security Slam 2024
### What problem is this trying to solve?
Based on insights gathered from CLOMonitor, the majority of CNCF projects, including graduated projects, are underperforming on critical metrics that are statistically correlated with the presence of vulnerabilities in a project.
Because of a focus on feature prioritization or other difficulties, security hygiene is regularly sacrificed by overworked project maintainers.
### How does this attempt to solve the problem?
- Create a time-boxed period where all CNCF projects are encouraged to make a small set of improvements
- Create a digital space for projects to share knowledge and resources related to the event goals
- Create a digital and/or physical space for contributors and maintainers to work on the most sensitive or under-supported projects
- Provide a long-tail incentive for projects to make these changes, especially by broadcasting the achievements made by projects
### What is the status of this initiative?
### Tasks
- [x] Determine a STAG Representative: @jkjell
- [x] Determine a Project Lead who is not the STAG rep: @eddie-knight
- [ ] Establish key partnerships, such as other CNCF TAGs or CNCF Staff
- [ ] Create a landing zone for initiative documentation and outputs
- [ ] Document a sequential plan, including event preparation, execution, and follow-up