[Proposal] Supply Chain Security Maturity Model

[dstevens-he]

Description: Design and publish a maturity model

Impact: Enable organizations and teams looking to adopt robust supply chain security to identify their current state and ideal future state across domains mapped to Supply Chain Best Practices docs, as well as provide guidance on implementation to move from one state to the other.

Scope: Define levels of maturity (# of levels TBD) across the Supply Chain areas (Source Code, Materials, Pipelines, Artifacts, Deployments/Distribution)

Intent to lead:

• I volunteer to be a project lead on this proposal if the community is
  interested in pursing this work. This statement of intent does not preclude
  others from co-leading or becoming lead in my stead.

Proposal to Project:

• Added to the planned meeting template for mm dd
• [] Raised in a Security TAG meeting to determine interest - mm dd
• Collaborators comment on issue for determine interest and nominate project
  lead
• Scope determined via meeting mm dd and/or shared document add link
  with call for participation in #tag-security slack channel thread add link
  and mailing list email add link
• Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

• Security TAG Leadership Representative:
• Project leader(s):
• Issue is assigned to project leaders and Security TAG Leadership
  Representative
• Project Members:
• Fill in addition TODO items here so the project team and community can
  see progress!
• Scope
• Deliverable(s)
• Project Schedule
• Slack Channel (as needed)
• Meeting Time & Day:
• Meeting Notes (link)
• Meeting Details (zoom or hangouts link)
• Retrospective

@mnm678