
[Proposal] Implementation Initiatives WG

Closed

Description


Problem

Currently there is little in the way of cross-initiative coordination & visibility for efforts such as Security Pals and Security Slam. This results in a loss of potential for several reasons. There is an inability to fully utilize interested parties and influencers from across the CNCF community, a low level of sharing lessons learned, and a lack of integration with other parts of CNCF.

Proposed Solution

Create the Implementation Initiatives Working Group, designed to support and coordinate any tangible efforts that interface directly with CNCF projects.

  • A minimum of two WG leads should be put in place to ensure ongoing success of the working group and alignment with TAG Security goals and recommendations.
    • [This is not to require multiple leads for every initiative]
  • The WG should maintain a list of qualifications and standards for implementation initiatives.
  • The WG should serve TAG Security by approving qualified initiatives, ensuring they follow the standards set forth by the community, and providing coordination across all efforts.
  • A weekly meeting should be created for the working group to share updates and make progress on each initiative, or for projects to come discuss their own initiatives.

Impact

Potential positive impacts:

  • By creating a structure to support and coordinate implementation initiatives, TAG Security will be able to exponentially increase the effectiveness of efforts by ensuring that common pitfalls are avoided and best practices can be developed over time.
  • By opening planning efforts to the TAG Security community, more individuals and institutions will have the ability to contribute to initiatives.
  • By formalizing structure, implementation initiatives can better coordinate with other CNCF groups such as events, end users, social media, ambassadors, and more.
  • By scheduling a recurring call, we will create a space for projects to seek input on their own efforts to implement TAG Security recommendations.

Potential negative impacts:

  • By opening implementation planning efforts to the TAG Security community, there is increased potential for bureaucratic overhead and dilution of focus.

Scope

In Scope:

  • Facilitation of efforts related to improving security hygiene or security documentation for CNCF projects.
  • Documentation of initiative qualifications, standards, pitfalls, and best practices.

Out of Scope:

  • Requests for TAG Security to make implementations to projects on their behalf.

Proposal Progress

Intent to lead:

  • I volunteer to be a project lead on this proposal if the community is
    interested in pursuing this work. This statement of intent does not
    preclude others from co-leading or becoming lead in my stead.

Proposal to Project:

  • Raised in a Security TAG meeting to determine interest - 1/31/2024
  • Collaborators comment on issue to determine interest and nominate project
    lead
  • Scope determined via meeting mm dd and/or shared document add link
    with call for participation in #tag-security slack channel thread add link
    and mailing list email add link
  • Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

  • Security TAG Leadership Representative:
  • Project leader(s):
  • Issue is assigned to project leaders and Security TAG Leadership
    Representative
  • Project Members:
  • Fill in additional TODO items here so the project team and community can
    see progress!
  • Scope
  • Deliverable(s)
  • Project Schedule
  • Slack Channel (as needed)
  • Meeting Time & Day:
  • Meeting Notes (link)
  • Meeting Details (zoom or hangouts link)
  • Retrospective

Labels: proposal (common precursor to project, for discussion & scoping), triage-required (Requires triage)