-
We'd like to take on various projects to strengthen our security posture and make our (and our customer's) supply chain secure.
There are some related tasks in here that are not strictly about securi…
-
### Describe the enhancement requested
For now this is more of a wishlist/discussion issue, but could grow into a more precise meta-task if we want to move forward.
There have been growing conce…
-
This issue covers setting up a secure supply chain for all the software we provide, both for Kubernetes and non-Kubernetes use cases.
In particular, #83 has some setup for how we will push a conta…
-
This ticket is to report that one of my favorite bookmarked links (to this repo) is now a 404
* https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises
## Problem
I…
-
Modern web development is most commonly done by composing an application from open-source dependencies.
I suppose most of the supply chain mitigations are not proactive and that's why they're not …
-
# Authors
- @arber-salihi
- @ollol88
- @yilmi
# Summary
This RFC proposes the creation of a threat model to identify and analyze potential security risks across the AI supply chain. The goal …
-
From OEP-60: https://open-edx-proposals.readthedocs.io/en/latest/processes/oep-0060-proc-sec-group.html#focus-on-proactive-security-improvements
Example of problems: outdated or deprecated dependenci…
-
## August 20, 2024
_day-of-week_ DD MMM yyyy - _time_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project lead…
-
## Date
_Tues_ 23 July 2024 - _10am_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are responsib…
-
Cross reference with https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163
Copying from @tupui's original post there, areas of focus could be:
* [OpenSSF 4](https://openssf.o…