tag-security

[Suggestion] Security Assessment Blog

Open mnm678 opened this issue 1 year ago • 2 comments

Description: What's your idea?

Write a blog post about the benefits of TAG Security joint assessments, explaining how they are different from self-assessments and security audits. This could be cross-posted on the TAG Security blog and the CNCF blog for visibility.

Impact: Describe your hopes for how this would reduce risk for the cloud native ecosystem. Who will this help? How will it help them?

Projects are not always aware of the joint assessment process, and so do not complete one. Projects can get value both from the joint assessment itself, and from the benefit a joint assessment provides in improving the results of future security audits. If auditors can read materials from the joint assessment, they can save time and focus on other aspects of evaluating a project.

This relates to the TOC issue cncf/toc#1378.

Scope: How much effort will this take? OK to provide a range of options or "not yet determined".

A blog post.

mnm678, Nov 04 '24 16:11