Security Slam 2023 #11953
Closed
eddie-knight
started this conversation in
General
Security Slam 2023
#11953
Replies: 1 comment
-
For reference, much of this was handled in the 2022 issue #9769. Can see lots of related issues and PRs linked from there too; with |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello argo community!
In preparation for this year's Cloud Native Security Slam, we've completed a survey of CNCF end users across multiple industries, including Construction, Cybersecurity, Aerospace & Defense, Game Development & Consumer Services, Consulting, and Nuclear.
Through this survey, end users have identified their interest in seeing security improvements to the projects they use. We've asked them to share which Security Slam goals are most interesting to them— and we've compiled the results in a hope that this will help your prioritization during the upcoming event.
While some projects have not authorized us to share their name, we've still included their responses in our calculation for you. We CAN tell you that the argo responses included Procore, GadflyAI and Infosys.
After calculating the responses according to the interest-weight, we've found these to be the most interesting things that argo end users would like to see, from the five possible Security Slam badges.
More information will be announced in the event kickoff webinar on October 10th, including how to register for cash & swag prizes, details about how success is measured, and resources to help achieve each of the badge goals.
If you can't make it to the webinar, a recording will be made available within 24hrs. It will be sent out to the community newsletter with any essential details you may have missed.
Join the community & sign up for the webinar here: https://community.cncf.io/cloud-native-security-slam/
A quick look at the 2023 Event Badges
The Chronicler
Ensure that security documentation has properly formatted data relating to software supply chain security decisions, including instructions for end users seeking to validate provenance artifacts.
The Inspector
Ensure that a security self-assessment has been completed according to TAG-Security documented standards.
The Cleaner
Bring all CLOMonitor non-security scores to 100% for the project, indirectly increasing overall supply chain security (Best Practices, Documentation, License, Legal).
The Defender
Ensure each project repo is accounted for within CLOMonitor; Ensure proper check set is assigned to each project repo; Bring security score to 100% for the project (This statistically decreases the future likelihood of vulnerabilities).
The Mechanizer
Ensure that every release has an automated mechanism to supply SBOM and provenance artifacts.
Beta Was this translation helpful? Give feedback.
All reactions