Skip to content

Latest commit

 

History

History
92 lines (78 loc) · 7.05 KB

roadmap.md

File metadata and controls

92 lines (78 loc) · 7.05 KB

Security TAG Roadmap

Overview

Note: TAG-Security was rebranded from SAFE working group. The below roadmap includes SAFE WG and TAG-Security in its timeline.

#2 Discover #3 Describe #4 Identify
Artifacts Personas
Use Cases
Categories
Standards
Common Definitions
Block Architecture
Catalog Projects
Fill in Boxes
Identify Gaps
Topics Presentations
TAG members & guests
Standards in Practice
Real World Systems Architecture
Platforms & Products
Tools & Libraries

Details

  1. Charter the SAFE Working Group. Draft vision, process and initial members (done, see below)
  2. Discover (Completed)
    • Explore the problem space of the working group
    • Investigating what is happening in the community today with respect to security for cloud native applications and infrastructure
    • Presentations from members & guests
    • Describe personas & use cases
    • Draft a picture or set of categories that will serve as a starting point for an evaluation framework
    • Solicit real world use cases and practices (and compensating controls) for projects
  3. Describe (in progress)
    • Define the terminology used in the output documents, and in the community
    • Describe the current state (map) of cloud native security, which might include:
      • existing standards
      • existing open source, and proprietary, solutions
      • common patterns in use today for system that works for cloud native apps. For example:
        • Extract end-to-end view of secure access, and
        • Common layering or a block architecture
  4. Identify existing security components in CNCF and projects in the CNCF landscape and catalog
    • Identify gaps and make recommendations to the community and TOC
    • Continually monitor the viability of the existing projects and update the landscape document
    • Document and disseminate best practices (provide training?)

Upcoming

TAG-Security strives to perform annual planning and quarterly reviews of our roadmap plans. The Roadmap planning project board for each annum is a live board and is continually updated. Boards may have cards added which indicate early concepts or needs for discovery, prior to become proposals or projects.

Year Board Link
2021-2022 RoadMap Planning Board

Ongoing efforts

TAG-Security maintains a few activities as regular business. Boards tracking these items linked below.

Effort Board Link Description
CNCF project security reviews Security Review Queue This board is used to manage upcoming and current security reviews and security review related activities.
TAG-Security Projects Project Tracking Board This board is used to manage upcoming proposals (backlog) and ongoing projects.
Issue Triage Triage Board This board is used to assist the Triage team in managing the queue of issues.

Completed

Milestone Date Action
First Community Translation 27 Feb 2021 Chinese translation of Whitepaper
Security Assessments => Reviews 23 Feb 2021 Retrospective resulted in process updates
APAC meetings start 1 Feb 2021 Regular meeting time added to README
Expanded to 5 Tech Leads 13 Jan 2021 TOC Approves @ashutosh-narkar, @achetal01, @anvega
Cloud Native Security Whitepaper v1 18 Nov 2020 Markdown source and images in repo
First five security assessments 21 Oct 2020 In-toto, OPA, SPIFFE/SPIRE, Harbor, Keycloak
First chair rotation 15 Sep 2020 TOC approves @TheFoxAtWork with new chair proposal process
DoD Kubernetes/Container Security controls proposed 26 Jun 2020 LF collaboration with US DoD merged to DoD repo
First Tech Leads 25 Feb 2020 TOC approves @lumjjb @TheFoxAtWork @JustinCappos
Security Assessment intake process 7 Jan 2020 Intake process and prioritization
First Cloud Native Security Day 19 Nov 2019 Event organized by @mfdii and @TheFoxAtWork
Software supply chain catalog 14 Nov 2019 Catalog
Updated personas & use cases 23 Sept 2019 Added platform implementer
Policy formal verification overview 10 Sept 2019 Documentation
First Security Assessment May 2019 In-toto
Updated Charter and Governance ratified by CNCF TOC 7 May 2019 New repo
First cut security audit guidelines 2 May 2019 Guidelines
Moved SAFE WG to CNCF 15 Apr 2019 Repo rename
CNCF WG proposal 21 Aug 2018 CNCF TAG-Security charter and roles
Policy WG merged 10 Aug 2018 Merging policy WG
First KubeCon Presentations 2-4 May 2018 Intro and deep dive
Personas & use cases 20 Apr 2018 Shared doc into repo markdown
Initial Commit for SAFE repo 13 Mar 2018 First commit
Informal discussions at Kubecon Austin Dec 2017 Meeting with CNCF community and gathering feedback