
[Initiative] Security Slam 2024 #1309

Open
2 of 5 tasks
eddie-knight opened this issue Jul 3, 2024 · 2 comments

eddie-knight commented Jul 3, 2024

What problem is this trying to solve?

Based on insights gathered from CLOMonitor, the majority of CNCF projects, including graduated projects, are underperforming on critical metrics that are statistically correlated to the presence of vulnerabilities in a project.

Due to a focus on feature prioritization or other difficulties, security hygiene is regularly sacrificed by overworked project maintainers.

How does this attempt to solve the problem?

  1. Create a time-boxed period where all CNCF projects are encouraged to make a small set of improvements
  2. Create a digital space for projects to share knowledge and resources related to the event goals
  3. Create a digital and/or physical space for contributors and maintainers to work on the most sensitive or under-supported projects
  4. Provide a long-tail incentive for projects to make these changes, especially by broadcasting the achievements made by projects

What is the status of this initiative?

Tasks


eddie-knight commented Jul 5, 2024

Estimated timeline (WIP):

  1. Now through Nov 12: Set expectations with projects, prepare materials, create solution patterns, etc
  2. Nov 12 - Dec 12: TAG Security to provide a unique value to projects related to security hygiene
  3. Dec 12 - ?: TAG Security to provide a unique value to Kubernetes subprojects related to security hygiene

@eddie-knight

Unique value added in previous events, based on feedback from Argo and OpenFGA:

  1. Space for projects to discuss and share knowledge as they make the same set of improvements at the same time
  2. Recognition for security hygiene improvements

The planning team agreed that it would be nice to have additional feedback from past participants regarding the unique value added.
