Guideline for Applying Secure Defaults #734
Comments
If worthwhile, we can also dedicate a meeting session to have a discussion around this. However, it would be good for a discussion to have a presentation to level-set and bring folks up to speed, so if someone can do a short 15-minute presentation on this, we can schedule it. |
Thanks for the ping! Been waiting to see if folks are interested in this, especially to present as @lumjjb suggested, since the scope really depends on how many contributors are interested in this. If there are a handful of people willing to collaborate, we could write a blog post or position paper on this. If not many contributors are interested, we could merge this as a separate section into #747. |
@PushkarJ is this something we can float for today's meeting topic to at least walk through what a scope would look like and see if folks are interested? |
We did bring it up last time. Happy to revisit today and then fold it into the white paper, if there is not much interest to pursue this separately :) |
I recommend creating a statement/document that establishes "secure by default" as a specific guiding principle. Then create some patterns that illustrate that principle. I'm happy to be a contributor on this. |
May be of relevance #176 |
Hi All, thanks for the interest in defining secure by default for the cloud native community. To get things started today I documented some guiding principles for "secure by default" here: https://hackmd.io/byHwZ8WPTCaSHnXaosxVcQ You will need to sign in to HackMD to collaborate (edit, comment). Hope this triggers some ideas from you all. Happy to discuss this in one of our regular meetings as well, especially the rationale and examples :) |
Call to action sent out: https://lists.cncf.io/g/cncf-tag-security/message/71 |
@PushkarJ Could you provide an updated issue description and timeline given the call to action sent out? I think resolution of the call to action is a good deliverable for this and we can then determine at final publication if/how we can integrate this with existing group processes (such as security reviews or security pals) |
@TheFoxAtWork Done! |
4 days remaining before the doc closes for public comment :) Link: https://docs.google.com/document/d/1Y1OCgto48Woc0UsZHq7zHuYOFGYI_DTpC2o7k7KYeaA/edit# |
This issue has been automatically marked as inactive because it has not had recent activity. |
From today's meeting: Add a call out to https://web.mit.edu/Saltzer/www/publications/protection/. Also add a note in the whitepaper that it is assumed that the reader is already familiar with the terms mentioned in the paper, unless explicitly called out in the paper or CN Lexicon. |
Description: As part of #480, a discussion sparked about what secure defaults, and applying them to a project, mean for us and for the community in general. This issue is an attempt to reasonably address that through community discussions.
Impact: Identify state of the art and carve content to articulate this in a standalone doc, which could be adopted in other Security TAG deliverables
Some questions we can attempt to address:
TO DO