
Cloud Native Security Whitepaper v2

Open PushkarJ opened this issue 3 years ago • 51 comments

Working draft (RFC ends April 27): https://docs.google.com/document/d/1fftLBt3XjDzyYQisEKH3TZXL1QnT_cHIbBnFtW98UOs/edit

Description

The original security whitepaper (#138) was published in Nov 2020, about 9 months ago. It is now time to update the paper and publish v2 by Kubecon EU 2022 (by which time the paper will be 18 months old) to ensure the content stays relevant and useful.

Impact

Since publication of v1, Security TAG has made a lot of progress through ongoing work on several supplementary docs, websites, audio version, maps and other papers. In general, the security understanding of cloud native environments has also evolved with growing focus on ransomware and supply chain security. We have also received feedback on the paper's content and its distribution through cloud native security survey and retrospective.

Additionally, there have been several small updates in the repo, made to the original content, that have improved the readability and quality of the paper. Bringing this all together merits publishing the second version, in accordance with the original goal of keeping the content always up to date.

Scope

Several tasks are in progress and there are some that would need further work.

Tasks

  • [x] @PushkarJ: #828
  • [x] @sayantani11: #829
  • [x] @savitharaghunathan: #830
  • [x] @devadvocado: #832
  • [x] @PushkarJ: #833
  • [x] @faisalrazzak: #834
  • [x] @mateuszpruchniak: #831
  • [x] @fkautz @mnm678 @pratiklotia @mateuszpruchniak #844
  • [x] @fkautz @joelerbork #828
  • [x] @PushkarJ : #521

Meta Deliverables:

  • [x] Decide whether audio version and translations trail written copy with n-1 cadence or do we publish it together
  • [x] Consider renaming the whitepaper to something else based on the content
  • [x] Consider different format of artifacts for v2 (epub, html, mobi)
  • [x] Revisit distribution strategy so that the content reaches the intended audience i.e. end users
  • [x] Track the citations for CNSWP v1 and add it in appendix of v2

Meta tasks:

  • [x] Security TAG Leadership Representative: @lumjjb
  • [x] Project leader(s): @PushkarJ
  • [x] Project Members: Please comment if you are interested to join
  • [x] Slack Channel: #tag-security-whitepaper
  • [x] Meeting Time & Day: 01/12/2022, Wednesday 9AM - 10 AM PT
  • [x] Meeting Notes (link): https://docs.google.com/document/d/1nJvDNhZedYxAhk1zKDjqgGaw0OKHtAnPFNs-MO23ELk/edit#heading=h.sxcjkdwxafg4
  • [ ] Retrospective

Project Schedule

| TODO | Milestone | Estimated time | Actual date |
|---|---|---|---|
| :heavy_check_mark: | Audience, Goals, & refining scope | 1 week | Nov 30 2021 |
| :heavy_check_mark: | Tasking Assignment | 1 week | Dec 7 2021 |
| :heavy_check_mark: | Content Rough-in | 2-3 weeks | Feb 28 2022 |
| :heavy_check_mark: | Collaborative Review | 2 weeks | March 15 2022 |
| :heavy_check_mark: | Executive Summary and content wrap up | 2 weeks | March 30 2022 |
| :heavy_check_mark: | Narrative Voice | 1-2 weeks | March 30 2022 |
| :heavy_check_mark: | Final Group Review | 1 week | April 6 2022 |
| :heavy_check_mark: | Community Review / Public comment adjudication | 2-3 weeks | April 27 2022 |
| :heavy_check_mark: | CNCF publishing engagement | ~2-3 weeks | May 7 2022 |
| :heavy_check_mark: | Addition to the repo | 1 week | May 15 2022 |
| :heavy_check_mark: | Blog post and publishing coordination | 2-3 weeks | May 15 2022 |

PushkarJ avatar Aug 10 '21 21:08 PushkarJ

Seems like a lot of great metadata and organization tie in. What's the thinking on revising the content itself? (not suggesting just asking)

Interested in helping potentially :)

chasemp avatar Aug 11 '21 17:08 chasemp

Thanks for the detailed info, Pushkar. I'm interested in contributing.

pratiklotia avatar Aug 11 '21 17:08 pratiklotia

Tagging myself as I'm interested in participating in this!

axelsimon avatar Aug 11 '21 17:08 axelsimon

> Seems like a lot of great metadata and organization tie in. What's the thinking on revising the content itself? (not suggesting just asking)
>
> Interested in helping potentially :)

Hey Chase, great to see you are interested in continuing the work from v1. My thinking for revising the existing content itself is to update the content for brevity and remove mention of things that are deprecated in favor of the new state of the art.

Additionally, I would love to cross-link sections in #737 to each section in the whitepaper so folks can jump to implementation details or recommendations from a requirement as part of an engaging learning experience :)

PushkarJ avatar Aug 11 '21 17:08 PushkarJ

This sounds good @PushkarJ, I'm interested to join.

ragashreeshekar avatar Aug 12 '21 05:08 ragashreeshekar

Sounds good. Interested to join.

sayantani11 avatar Aug 22 '21 18:08 sayantani11

Sounds good. Interested in contributing.

mayocream avatar Aug 24 '21 02:08 mayocream

revisit STAG leadership rep in January

TheFoxAtWork avatar Aug 25 '21 18:08 TheFoxAtWork

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Nov 02 '21 12:11 stale[bot]

Our friendly bot reminded me that it is time to start working on version 2!!

I will bring this up in our weekly call tomorrow (11/03) and we can get started on this :) Excited 🎉

PushkarJ avatar Nov 02 '21 19:11 PushkarJ

Perfect, please remind me to bring up some of the discussions we had with NIST around ideas to augment the whitepaper!

lumjjb avatar Nov 02 '21 19:11 lumjjb

I am interested in helping on this @PushkarJ

captainarcher avatar Nov 03 '21 17:11 captainarcher

For the NIST SSDF mapping work, I would like to contribute as well.

faisalrazzak avatar Nov 03 '21 17:11 faisalrazzak

@PushkarJ I'm interested in helping with v2

JonZeolla avatar Nov 04 '21 11:11 JonZeolla

I am interested in helping with this!

jedsalazar avatar Nov 04 '21 22:11 jedsalazar

@PushkarJ I am late to the party. Interested in helping out if you haven't maxed out on volunteers.

savitharaghunathan avatar Nov 04 '21 23:11 savitharaghunathan

No hard limit on contributors. So everyone is welcome!!

PushkarJ avatar Nov 04 '21 23:11 PushkarJ

Interested to help!

sayantani11 avatar Nov 05 '21 05:11 sayantani11

Hi @PushkarJ, I'm interested in helping out with this. Just one suggestion: Can we use LaTeX for the paper instead of Google Docs? IMO it will produce a much better-looking and version-controlled whitepaper. WDYT?

sachinkumarsingh092 avatar Nov 05 '21 10:11 sachinkumarsingh092

Happy to contribute. This is my favourite project of late. 🚀

freddyfernando avatar Nov 05 '21 12:11 freddyfernando

I'm interested in contributing!

idcrosby avatar Nov 05 '21 13:11 idcrosby

I think below is 2022, not 2021.

  • First draft is ready: Jan 2022

balasu avatar Nov 05 '21 16:11 balasu

@balasu yes thank you! Updated now 😊

PushkarJ avatar Nov 05 '21 17:11 PushkarJ

Would like to help as well, put me to work

devadvocado avatar Nov 05 '21 20:11 devadvocado

> @balasu yes thank you! Updated now 😊

Thanks, happy to contribute if anything needs to be added.

balasu avatar Nov 06 '21 03:11 balasu

Hi @PushkarJ I am also interested to help.

Best regards.

cavdarturgay avatar Nov 07 '21 15:11 cavdarturgay

Count me in :)

oxeye-ron avatar Nov 08 '21 07:11 oxeye-ron

Interested to contribute :)

akashkaveti avatar Nov 08 '21 14:11 akashkaveti

Likewise: count me in :)

IAXES avatar Nov 09 '21 17:11 IAXES

I'm interested in contributing!

aks-alokraj avatar Nov 10 '21 16:11 aks-alokraj