Emily Fox
Description: Many members of the cloud native community either cannot read through our papers or have trouble making time to read through them. This is a proposal to initiate audio...
Description: Propose a two-day virtual/hybrid/in-person summit to hack at the backlog and disconnect of CVEs, misconfigurations, software/hardware/cloud/services. Recommended minimums for representation: MITRE, GitHub, GitLab, OpenSSF, CSA, Security TAG, Linux...
Why: * lack of clarity and specific steps in previous process introduced confusion. This change addresses the need by: * clarifying the process #609 * describing the issue types *...
Description: Software Development has development stacks (MEAN, Spring, Meteor, LAMP) which make getting up and running quick and easy. This suggestion is to curate a series of Cloud Native Security...
Description: We need a PR in the repo (maybe under an Events folder) that covers Cloud Native Security Con information from the perspective of the STAG running/coordinating it and defining...
Description: OpenSSF released an OpenSSF vulnerability disclosure guide for OSS projects. We want to review our existing project resources and information and ensure it is in alignment with the OpenSSF...
This is to migrate content from #488 regarding TOC process alignment. It has an initial update to move the TOC alignment section from the original #488 PR and should be...
Description: Modify the Security Review process to: * [ ] initiate a draft/WIP PR of the self-assessment and/or joint-review prior to the presentation to closeout the review * [ ]...
Description: Currently, the SIG performs assessments of projects at various stages in the CNCF. We receive requests to provide recommendations on the project as part of the due diligence document....
Description: Execute a pilot that introduces and encourages one or two projects to complete a [self-assessment](https://github.com/cncf/sig-security/blob/master/assessments/guide/self-assessment.md) with a CNCF SIG-Security person assigned to walk them through and guide them on...