Commit

Update process/security_baseline.md
Co-authored-by: Zach Steindler <[email protected]>
Signed-off-by: CRob <[email protected]>
SecurityCRob and steiza authored Jul 23, 2024
1 parent f0219fd commit 5a8dfec
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion process/security_baseline.md
Expand Up @@ -128,7 +128,7 @@ As a project matures and progresses towards graduation, it gains wider adoption.
|Monitoring of security events is implemented if your project provides internet or infrastructure service on behalf of the foundation.|To monitor security relevant events for incident response.|If the project provides a service, monitoring SHALL be in place to raise actionable alerts when security relevant events meets pre-defined thresholds, for example host level firewall configuration is changed.|Manual review.|
|If your project provides internet or infrastructure service on behalf of the foundation, an initial security audit is conducted. Audit findings are addressed.|To identify and remediate the vulnerabilities in the internet service.|Security audit SHALL be funded through the [TAC TI funding process](https://github.com/ossf/tac/blob/main/process/TI%20Funding%20Request%20Process.md).<br /><br />SECURITY_INSIGHTS.yml SHALL be updated under “security-assessments” with a link to the audit report.|SECURITY_INSIGHTS.yml identifies the security audit report. The report provides details of the audit methodology, findings and recommendations.|

### Security Baseline - Graduated
### Security Baseline - Once Graduated
Additional security MVP baseline on top of incubating baseline:

| Security Baseline | Objective | How to Implement | How to Verify|
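
Review bot: Renaming the heading from "Security Baseline - Graduated" to "Security Baseline - Once Graduated" changes the anchor GitHub generates for this section (the old fragment was #security-baseline---graduated), so any link that targets the old heading will stop resolving. Please search the repository and related docs for links to the old fragment and update them in this same change. The headings for the earlier lifecycle stages fall outside this hunk, so it is also worth confirming they follow the same wording pattern; otherwise this section will be the only one phrased with "Once".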