[Proposal] Supply Chain Security Maturity Model

[dstevens-he]

trafficstars

Description: Design and publish a maturity model

Impact: Enable organizations and teams looking to adopt robust supply chain security to identify their current state and ideal future state across domains mapped to Supply Chain Best Practices docs, as well as provide guidance on implementation to move from one state to the other.

Scope: Define levels of maturity (# of levels TBD) across the Supply Chain areas (Source Code, Materials, Pipelines, Artifacts, Deployments/Distribution)

Intent to lead:

• [x] I volunteer to be a project lead on this proposal if the community is interested in pursing this work. This statement of intent does not preclude others from co-leading or becoming lead in my stead.

Proposal to Project:

• [ ] Added to the planned meeting template for mm dd
• [] Raised in a Security TAG meeting to determine interest - mm dd
• [ ] Collaborators comment on issue for determine interest and nominate project lead
• [ ] Scope determined via meeting mm dd and/or shared document add link with call for participation in #tag-security slack channel thread add link and mailing list email add link
• [ ] Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

• [ ] Security TAG Leadership Representative:
• [ ] Project leader(s):
• [ ] Issue is assigned to project leaders and Security TAG Leadership Representative
• [ ] Project Members:
• [ ] Fill in addition TODO items here so the project team and community can see progress!
• [ ] Scope
• [ ] Deliverable(s)
• [ ] Project Schedule
• [ ] Slack Channel (as needed)
• [ ] Meeting Time & Day:
• [ ] Meeting Notes (link)
• [ ] Meeting Details (zoom or hangouts link)
• [ ] Retrospective

@mnm678