Justin Cappos
Expiry in TUF is there to detect freeze attacks and similar. I think that the use of a repository, issue trackers, etc. makes this a lot less of a problem....
If you haven't done the [self-assessment](https://tag-security.cncf.io/community/assessments/guide/self-assessment/), please start this. I'd recommend reading [this book](https://github.com/cncf/tag-security/blob/main/community/assessments/Open_and_Secure.pdf), which is a lightweight guide to help you get started.

> In the meantime, is there...
@realshuting And don't forget to work on the feedback given on your PR! https://github.com/cncf/tag-security/pull/1486
I think some of your changes will get merged in via @brandtkeller's [recent PR](https://github.com/cncf/toc/pull/1835). However, due to the TOC's reshuffling of things, the assessment template was lost until @jpower432...
@realshuting pinging again.
@trumant @0dd @sunstonesecure-robert @zoltani @camilaavilarinho Please chime in if you'd like to participate in the review. If so, please read the [security reviewer guidelines](https://tag-security.cncf.io/community/assessments/guide/security-reviewer/) and make a stated declaration of...
> I'll contribute into this effort where I can, no conflicts except professional use

Would you like to lead, @sublimino? We don't have anyone who has stepped up to...
Okay, I've updated the issue to add everyone who volunteered. I also made the Slack channel on the CNCF Slack (#sec-assess-kyverno). @jackap @sunstonesecure-robert, please join. Everyone else I knew...
Absolutely! Please send a PR. :D

On Tue, Nov 11, 2025 at 3:57 PM Sivana Hamer ***@***.***> wrote:
> *sivanahamer* created an issue (cncf/tag-security#1501)
>
> Hi!
>
>...
[Initiative]: Showcasing Frictionless Secure Coding Success Stories and Pain Points in CNCF Projects
Likely TAG-Security and Compliance should have at least some involvement to steer here. This could largely be removed by going off of OpenSSF or TAG S&C guidance in this space.