Open idunbarh opened 6 months ago
@jksolbakken (AppSec) and I (Platforms) from the Norwegian Labor and Welfare Administration (@navikt) would like to participate on this whitepaper!
Hi @idunbarh @Starefossen, I'd like to kick off this project soon so we can attract more great folks to participate. Would you be free for a quick call next week to determine the initial structure of the paper and get things rolling? How would Wednesday 16:00 CEST suit?
@Charley-Mann That time works very well for me!
@Starefossen excellent! Would you please send me an email, so I can set up a call?
@Charley-Mann @Starefossen We're also good from our side, and I know several of the public sector usergroup member organizations are interested in participating.
We have a public sector user group meeting this Thursday (June 13th) but it might be a little late in the evening (10am PST, 1pm EST).
I got an action item to start a draft outline before that meeting. Does it work for both of you to participate and chart a path forward there?
@idunbarh @Starefossen - 10am PST this Thursday works for me. Could you please link me to the meeting invite so I can join?
I believe you need to register on the CNCF platform and then you can see the meeting info here: https://zoom-lfx.platform.linuxfoundation.org/meeting/92496539385?password=c2394fad-98a0-486d-9746-deff3b7de463
Public Sector CNCF Members are seeing Government Customer focus on securing software supply chains and receiving attestations. These attestations need to be signed and have provenance bridge across multiple company and network boundaries.
These boundaries and the sensitive nature of the products make using public repositories and public signing services unusable.
The proposal is to create a whitepaper that outlines strategies to cover several different topics.
@Charley-Mann @brandtkeller @eddiezane