Independent, Third Party Security Audit #5669

Open
Hoverbear opened this issue Oct 17, 2019 · 0 comments

Hoverbear commented Oct 17, 2019

Feature Request

As part of our long-term goals, we wish to achieve the criteria needed to become a CNCF graduated project. The criteria are detailed in the TOC repo.

This particular issue refers to the point:

  • Have completed an independent and third party security audit with results published of similar scope and quality as the following example (including critical vulnerabilities addressed): https://github.com/envoyproxy/envoy#security-audit and all critical vulnerabilities need to be addressed before graduation.

Is your feature request related to a problem? Please describe:

This is related to the overarching CNCF Graduating Ready project.

Describe the feature you'd like:

  1. The assignee works with administrative support and engineering staff to source, hire, and perform an independent, third-party security audit.
  2. All security issues found in the audit are fixed (and verified fixed).
  3. The security audit is publicly published on the TiKV.org security page and this repo in the README.

Describe alternatives you've considered:

We could choose not to qualify for CNCF graduating criteria, but that does not align with our long-term goals.

Teachability, Documentation, Adoption, Migration Strategy:

This task will require coordination with CNCF members, the TiKV maintainers, and the third-party auditors.

Hoverbear added this to To do in CNCF Graduating Ready via automation Oct 17, 2019
Hoverbear moved this from To do to In progress in CNCF Graduating Ready Nov 22, 2019