Cloud Native Security Whitepaper #138
Comments
@pragashj @dshaw @ultrasaurus, Jessica Walker and Sara Dornsife met to discuss white paper content - see 3/22/2018 meeting notes
Moved outline into separate doc where we can elaborate into a full whitepaper. [OUTDATED]NOTE: As of July 2020, we have moved to a new document: Cloud Native Security Whitepaper - @dshaw] EDIT (@lumjjb): New document is at https://docs.google.com/document/d/1MEeqWvUavXK5TkuFIfoJbtxCT-2FdTw7jgYP3kxtbmk/edit?usp=sharing
just a process question - is it more desirable to use Google Docs vs. markdown docs that can be PR'd? is the idea to minimize git activity until there is a solid draft document rather than have the full "sausage making" process clutter up the git stream?
That is the idea, please feel free to chime in on the doc and help shape it.
related #405
I would like to participate. Please include me in future discussions on it.
+1 @vinayvenkat
+1 please include me
+1
+1
@vinayvenkat @whaber @PushkarJ @tabbysable @trishankatdatadog I have added you all to the new working group Slack channel. For any other members of SIG-Security who may want to join us, add yourself here then please also ping me on Slack.
Please add me at your convenience to the slack channel. Thanks @dshaw.
@dshaw - can you add me to the slack channel please
@dshaw me too please 🙏
@gadinaor - I don't see you in the members listing or in the existing slack to add you
@TheFoxAtWork true // I'm part of it now
May I please be added as well? Thank you @dshaw
I'm also interested re slack and discussion on this topic, thanks @dshaw
@kapilt I DM'd u in slack, need ur email to get u access, updates are in the channel
May I please be added to the slack channel, I am looking to help @sublimino with his contribution. Also raising a PR to join as a member shortly. Thanks @dshaw / @TheFoxAtWork
Updated with new schedule to allow more time for content generation
Team is moving forward! extended the collaborative review by a week to accommodate busy schedules
merge https://docs.google.com/document/d/11gyDDsKtMchMlj9ZKDl5LSHNxgu04tq1dTSD1BnTG9o/edit#heading=h.v65lmin9x1eb Issue #20 into the white paper
@ultrasaurus please can you add me to Security white paper, I want to give some inputs especially for Telecom perspective, thanks
Enterprise
Thanks Harmeet, I'll add them into the doc
Sig-Security meeting on 9/16/2020 White paper update: https://docs.google.com/presentation/d/1JVNMxDAJFbTTmmEwpL5lh_OGajbDfZx5E40YRkg1cV0/edit#slide=id.g97edbdf573_0_48
Thanks to everyone who helped make this possible. The Cloud Native Security Whitepaper now lives in the repo as Markdown. As significant changes occur, we will republish the PDF by major version.
* What: Initial set of project security resources
Why:
* #138 detailed a need for this and was reiterated at a recent mtg.
This change addresses the need by:
* creating a project resources directory
* linking to existing CNCF resources
* pulling in content from @annabellegoth2boss recommendation
* What: fix spelling issues.
* What: correcting the rest of the spelling issues
* What: last two fixes
* What: Updating with GitHub CNA info
Why:
* CNCF/LF is not a CNA because GitHub is a CNA
This change addresses the need by:
* modifying the incident response template to call out the portion of GitHub docs.
* What: Adding dependabot info & maintenance
Why:
* dependabot is an ideal option when enabled for security updates and configured for versions.
* @lumjjb suggested a maintenance section in the readme and that is always smart.
This change addresses the need by:
* added details to the readme
* testing spelling
* What: adding disclaimer.
* What: Updates per review
Why:
* @lumjjb brought up some valid items
* @jlk correctly pointed out the overuse of the word "issue" and potential confusion
This change addresses the need by:
* added in @lumjjb's suggestions
* swapped `issue` for `problem` where appropriate
* improved readability in README.md for maintenance
* added disclaimer
* What: spelling update
* What: Updates per latest review
Why:
* nits found
This change addresses the need by:
* resolving nits
* What: more nits.
refer to whitepaper issue cncf#138
In 2018, SAFE WG focused on understanding security, given modern (cloud native) enterprise infra, and synthesized into a common understanding; however, much of what we have learned is buried in meeting notes and presentations.
We would like to now communicate what we’ve understood to the rest of the world. One step will be to draft a SAFE whitepaper that covers over-arching concerns. Some of us met (March 22, 2019) to brainstorm a whitepaper outline:
Outline:
Current Whitepaper Work in progress:
Whitepaper ready for review Comments are turned on so please comment!
TO DO
Proposed Schedule:
SEP 23 2020 thru OCT 07 2020 - executive summary and content wrap up
~OCT 07 thru OCT 19 2020 Narrative Voice
CNCF Editorial Assistance - @dshaw @pragashj
[ ]~DUE NOV 04 2020 (subject to CNCF timeline) Final adjudication
Meeting notes for WG syncs
Meeting note and agenda