tag-security icon indicating copy to clipboard operation
tag-security copied to clipboard

Published 20 hours ago verified publisher icon cncf

[Suggestion] Trying to understand the criterion for tools in Security Assurance

Open JasonKeirstead opened this issue 3 years ago • 6 comments

I am trying to understand the criterion for the tools in these various pages.

I will focus on one example, Threat intelligence: ( https://github.com/cncf/tag-security/blob/cnsmap/content/threat-intelligence.md )

The page does not really describe in detail the threat intelligence space. The links are a bit of a grab bag of TIPs, sharing tools, and data feeds. Also,1 of the links is to something that is not open source, it is commercial (ThreatCrowd). Yes it is free, but there are a lot of other commercial providers that provide free threat intel that could be added here. Can/should they be? Also should this page go into more detail on how to use threat intelligence?

I am happy to contirbute to fleshing out this page more. Just trying to understand the goal first before stepping on toes with a gigantic PR.

I have similar feedback for all of the pages under the "Security Assurance" area (which is my balewick & why I am focusing on that one)

JasonKeirstead avatar Aug 27 '21 15:08 JasonKeirstead

Hey @JasonKeirstead Thanks for your comments.

The general guiding principles for projects we've detailed around in https://github.com/cncf/tag-security/tree/main/security-whitepaper/cnsmap#project-listings. Our general rule favors CNCF and opensource, but in areas where there is a lacking, we include other free or commercial tools for completeness.

I am happy to contirbute to fleshing out this page more. Just trying to understand the goal first before stepping on toes with a gigantic PR.

That would be awesome - as you can tell, the level of detail very much depends on what our contributors are experts in, in this case, it would be awesome if you can help bolster up these topics!

lumjjb avatar Aug 27 '21 15:08 lumjjb

Thanks, I will submit a PR shortly

JasonKeirstead avatar Aug 27 '21 16:08 JasonKeirstead

Hi @JasonKeirstead, how's it going on this issue!

lumjjb avatar Oct 31 '21 13:10 lumjjb

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Dec 30 '21 15:12 stale[bot]

Hey @JasonKeirstead! How's it going - just pinging back on this.

lumjjb avatar Feb 21 '22 21:02 lumjjb

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Apr 24 '22 15:04 stale[bot]

@JasonKeirstead, thanks for bringing attention to the issue. Agree with you that the substance in that section you point out needs to be improved. We'd appreciate it if you could still get around the PR to raise the integrity and relevance of the paper. For now, I'll close the issue and await the PR.

anvega avatar Jun 21 '23 03:06 anvega