[Suggestion] Security Assessment Blog #1398
Labels: suggestion, triage-required
Description: What's your idea?
Write a blog post about the benefits of TAG Security joint assessments, explaining how they are different from self-assessments and security audits. This could be cross-posted on the TAG Security blog and the CNCF blog for visibility.
Impact: Describe your hopes for how this would reduce risk for the cloud native ecosystem. Who will this help? How will it help them?
Projects are not always aware of the joint assessment process, and so do not complete them. Projects can get value both from the joint assessment itself, and from the benefit a joint assessment provides in improving results of future security audits. If auditors can read materials from the joint assessment, they can save time and focus on other aspects of evaluating a project.
This relates to the TOC issue cncf/toc#1378.
Scope: How much effort will this take? OK to provide a range of options or "not yet determined".
A blog post.