Volcano Project Security Self-Assessment - Security Pals #1205
Conversation
Signed-off-by: mayank-ramnani <[email protected]>
✅ Deploy Preview for tag-security canceled.
|
github-actions
bot
requested review from
ashutosh-narkar,
PushkarJ and
ragashreeshekar
Co-authored-by: Eddie Knight <[email protected]> Signed-off-by: Mayank Ramnani <[email protected]>
…rent files Signed-off-by: mayank-ramnani <[email protected]>
|
Hi @eddie-knight @ragashreeshekar, |
|
|
||
| ## Self-assessment use | ||
|
|
||
| This self-assessment is created by the Volcano team to perform an internal analysis of the project's security. It is not intended to provide a security audit of Volcano, or function as an independent assessment or attestation of Volcano's security health. |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
It was initially intended to be a collaboration between the Volcano team and the students, but we were unable to get any feedback from the team.
Fixed it to reflect the independence from the official team.
There was a problem hiding this comment.
Ah okay, that makes more sense
| @@ -0,0 +1,59 @@ | |||
| # Lightweight Threat Modelling | |||
| ## Threat Modelling Notes | |||
| - There are a total of 190 contributors and only 6 maintainers and owners thus there are 184 non-maintainer users who are in the working groups. | |||
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
I see. If it won't be helpful, it might be best to remove it.
Removed it from the notes and recommendations section.
| @@ -0,0 +1,59 @@ | |||
| # Lightweight Threat Modelling | |||
There was a problem hiding this comment.
I'd be careful with the name as these notes are more akin to a lightweight threat analysis/enumeration as opposed to threat modeling which represents a comprehensive exercise (see: OWASP Threat Modeling Process).
There was a problem hiding this comment.
I agree, changed it to threat analysis instead.
Co-authored-by: torinvdb <[email protected]> Signed-off-by: Mayank R <[email protected]>
Co-authored-by: torinvdb <[email protected]> Signed-off-by: Mayank R <[email protected]>
Signed-off-by: mayank-ramnani <[email protected]>
Signed-off-by: Ragashree M C <[email protected]>
Created and added reviewed document for the Volcano Project Security Self-Assessment.
Please feel free to share any thoughts on the self-assessment.
@eddie-knight @ragashreeshekar @Rana-KV
Original PR: #1184 (discarded due to Git and DCO issues)