kevinsnameneedlong / tag-security

This project forked from cncf/tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Home Page: https://cncf.io/projects

License: Other

Shell 1.72% JavaScript 9.28% CSS 2.60% Makefile 0.31% HTML 52.25% Dockerfile 0.07% SCSS 33.78%

tag-security's Introduction

CNCF Security Technical Advisory Group

Quick links

Objective

The CNCF Security Technical Advisory Group facilitates collaboration to discover and produce resources that enable secure access, policy control, and safety for operators, administrators, developers, and end-users across the cloud native ecosystem.

Background

Cloud native describes the building, deploying, and operating of modern applications in cloud computing environments, typically using open source. This complex ecosystem, composed of different open source projects, presents an increasingly complicated technology risk landscape. Several projects in the cloud native ecosystem address trust, safety, and security in the dynamic interplay between the different layers of infrastructure and application services. Even so, the technological shift demands that application and information security be rethought through the lens of developer experience, applying software engineering to design for security considerations, in the effort to safeguard an integrated cloud native ecosystem as a whole.

Vision

We believe in a future where the probability and impact of attacks, breaches, and compromises are significantly reduced, and where the most common risks of today are not just mitigated but made implausible. We believe developers and operators can be empowered to better understand, and be reassured by, the posture of the systems they build and run. This comes through the informed use of cloud technologies, with a clear understanding of responsibility and risks and the unlocked ability to validate that their architectural intent meets compliance and regulatory objectives.

There is a growing ecosystem of tools that promises to unlock developer productivity and operational efficiency. We strive to fulfill the human side of the sociotechnical equation to accelerate and attain that promise, including:

  1. Consumable system security architectures that account for the ever growing heterogeneity of systems and provide a framework to protect resources and data while servicing their users.
  2. Common lexicon and open source libraries that make it easy for developers to create and deploy apps that meet system security requirements.
  3. Common libraries and protocols that enable people to reason about the security of the system, such as auditing and explainability features.

Publications

TAG Security has published several resources for the community, which can be found in the publications document.

Governance

The Security TAG charter outlines the scope of our group activities as part of our governance process, which details how we work.

Communications

Anyone is welcome to join our open discussions of Security TAG projects and share news related to the group's mission and charter. Much of the work of the group happens outside of Security TAG meetings and we encourage project teams to share progress updates or post questions in these channels:

Group communication:

Leadership:

Slack governance

Refer to the Slack governance document for details on Slack channels and posting to the channels.

Meeting times

Group meeting times are listed below:

  • US: Weekly on Wednesdays at 10:00am UTC-7 (see your timezone here)
  • EMEA: Bi-weekly on Wednesdays at 01:00pm London (see your timezone here)

Meeting minutes and agenda

Calendar

Got something to bring up or share? Review how to get a topic or presentation added to the Agenda on our process page.

Zoom Meeting Details

Meeting Link: zoom.us/my/cncftagsecurity (Password: 77777)

Meeting ID: 737 567 7271

Gatherings

Please let us know if you are going and if you are interested in attending (or helping to organize!) a gathering. Create a GitHub issue for an event and add it to the list below:

Past events

New members

If you are new to the group, we encourage you to check out our New Members Page.

Related groups

Several groups are affiliated with, or do work and cover topics relevant to, the work of Security TAG. These can be seen here.

History

Members

Security TAG Chairs

  • Aradhana Chetal (@achetal01), TIAA [Chair term: 6/3/2021 - 9/3/2023]
  • Andrew Martin (@sublimino), ControlPlane [Chair term: 3/17/2022 - 3/17/2024]
  • Pushkar Joglekar (@PushkarJ), Independent [Chair term: 6/3/2023 - 6/3/2025]

Tech Leads

Security TAG Chair Emeriti

  • Dan Shaw (@dshaw), PayPal [Chair term: 6/3/2019 - 9/3/2020]
  • Sarah Allen (@ultrasaurus), [Chair term: 6/3/2019 - 6/3/2021]
  • Jeyappragash JJ (@pragashj), Tetrate.io [Chair term: 6/3/2019 - 6/3/2021]
  • Emily Fox (@TheFoxAtWork), Apple [Chair term: 9/28/2020 - 2/4/2022]
  • Brandon Lum (@lumjjb), Google [Chair term: 6/3/2021 - 6/3/2023]

On-going projects

Policy team

Policy is an essential component of a secure system.

Bi-weekly meetings at 3:00 PM PT focus on policy concerns and initiatives.

Co-leads

  • TBD

Co-chair representative: @achetal01

Security reviews

Security reviews are a collaborative process for the benefit of cloud native projects and prospective users by creating a consistent overview of the project and its risk profile.

Facilitator: Justin Cappos (@JustinCappos), New York University

Facilitator: Andres Vega (@anvega), ControlPlane

Co-chair representatives: @sublimino @PushkarJ

Software Supply Chain Security

Software supply chain attacks have come to the wider community's attention following recent high-profile attacks, but have been an ongoing threat for a long time. With the ever growing importance of free and open source software, software supply chain security is crucial, particularly in cloud native environments where everything is software-defined.

Weekly meetings at 8:00 AM PT (50 min) (see your timezone here). See the CNCF calendar for the invite.

The facilitator for current deliverables is listed on the issue.

Additional information

CNCF Security TAG reviews

As part of the CNCF project proposal process, projects should create a new security review issue with a self-assessment.

Past events and meetings

For more details on past events and meetings, please see our past events page.
