
[Suggestion] Collaborate with broader community on supply chain security attack catalog

Open mlieberman85 opened this issue 3 years ago • 5 comments

Description: The Security TAG has done some work based on work by @SantiagoTorres. OpenSSF is looking at potentially starting their own catalog or want to contribute to existing catalogs. There is also a lot of other work in the community outside of CNCF and OpenSSF working on this as well that we should figure out how to collaborate with.

This issue is here to track that collaboration.

@SantiagoTorres @TheFoxAtWork @lumjjb

mlieberman85 avatar Nov 23 '21 15:11 mlieberman85

I'm more than happy to discuss this. Ideally I think having a one-stop-shop for this catalog and such would be ideal, we could perhaps join forces with the OpenSSF and make it a joint effort. Part of what at some point I was hoping to see derived from the catalog was:

  1. A more formal description of the attacks
  2. perhaps a web site/queryable interface for people to more interactively explore the attacks, their vectors, their impact etc.
  3. On that note, I wonder if we could also work on some viz aspects of the same.

Overall, I see a lot of people refer to it to motivate/understand the threat space, so kudos for everybody that worked on this!

SantiagoTorres avatar Nov 23 '21 16:11 SantiagoTorres

Thanks for opening this @mlieberman85! Yea, this is a great opportunity to get together to work towards the common goal! What do you think the best way to engage would be? A couple of us can drop by an OpenSSF meeting or vice versa, and/or we could talk on the issue.

lumjjb avatar Nov 23 '21 16:11 lumjjb

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Jan 23 '22 01:01 stale[bot]

@mlieberman85 which working group should this be discussed in with the OpenSSF? Can we put it on one of the upcoming agendas?

lumjjb avatar Feb 16 '22 18:02 lumjjb

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Apr 17 '22 18:04 stale[bot]

Closing this issue as we've continued to maintain the compromise catalog with many external contributions. Perhaps a stretch goal to revisit is how to host it on the microsite or as its own dedicated page. For now, though, I'll proceed to close the issue.

anvega avatar Jun 21 '23 03:06 anvega