Travis Truman
Travis Truman
Appreciate the help here @jeffcshapiro and enjoy your time off
It does feel like more of a scoping definition than anything else, agreed.
@funnelfiasco I think we should consider this work in our tech writer funding proposal. This seems higher value than the style guide in terms of driving adoption and clarity.
I'm highly supportive of @puerco's perspective. Risk is broad and IP/legal risk could stay in if we think about differing groups of controls in combination for different purposes.
Given the insights spec has moved on to v2, do we want to move forward with this or close it?
Work in progress in https://docs.google.com/document/d/16zwe3eNwExvnaXLDUrkGNineZzB0r8arKE3G-cvNU0E/edit?tab=t.0#heading=h.ot23pst4vj3e
Some more related work on this topic can be found in https://github.com/trumant/assessment-attestation-example/pull/1
https://github.com/ossf/security-insights/blob/main/Makefile#L6 demonstrates that we do use the working form of `cue vet` which specifies `-d '#SecurityInsights'` I searched through the user facing documentation and couldn't find any guidance we are...
@funnelfiasco @jmeridth @jkjell any opinions here on how we can tighten up our intended usage here?
> the crosswalk matrix Is this a published artifact you could share @TheFoxAtWork ? I did some hunting and couldn't find one. When I've been looking for this information I've...