cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

Pull Request -NYU Tandon NATS Self Assessment Student Team #1176

Closed Ricardo-A-Zapata closed 8 months ago

Ricardo-A-Zapata commented 9 months ago

The NYU Tandon NATS Self Assessment Student Team has created a security self-assessment for NATS for review by the TAG-Security Committee.

netlify[bot] commented 9 months ago

Deploy Preview for tag-security canceled.

Latest commit: f6b20164064145c52b6c8ada58513bf272267e82
Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/65a721152c1c0a0008c99d0b

eddie-knight commented 9 months ago

Hi there, thanks for the work you did on this self-assessment!

I'm just now cracking this open for review, and the first thing I noticed is that you included an SBOM along with the self assessment. There are two reasons that jump to the front of my mind for why this isn't needed...

  1. SBOMs should be associated with releases, as the bill of materials is only accurate and useful if it is created at build time and only known to be associated to a particular point in the code history.
  2. If you need to link to an SBOM for some reason in the self-assessment, you can just provide a link out to the latest build artifacts that contain an SBOM.

We still have plenty more to review, but as a starter— could you please remove the SBOM from this PR?
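The point above, that a bill of materials is only meaningful when it is produced at build time and tied to one specific artifact and commit, can be made concrete with a small check. The following is an added example, not code from this PR, the TAG-Security repository, or the NATS project: it parses a constructed CycloneDX-style SBOM (JSON from the standard library only) and verifies that the SBOM is bound to the artifact actually being shipped by comparing the SHA-256 digest recorded in `metadata.component.hashes` against the artifact bytes, and that the build timestamp and version are present and as expected. The project name `example-server`, the library entry, and the artifact bytes are all constructed placeholders.

```python
import hashlib
import json

# Constructed sample: the bytes a release pipeline would hash as the built artifact.
ARTIFACT = b"constructed release tarball contents"

# Constructed sample CycloneDX-style SBOM, as a build step would emit it for that
# exact artifact: metadata.component names the build output and carries its digest.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-01-15T12:00:00Z",
        "component": {
            "type": "application",
            "name": "example-server",  # hypothetical project name
            "version": "v1.2.3",
            "hashes": [
                {"alg": "SHA-256", "content": hashlib.sha256(ARTIFACT).hexdigest()}
            ],
        },
    },
    "components": [
        {"type": "library", "name": "example-lib", "version": "0.4.1"}
    ],
})


def check_sbom_binding(sbom_json: str, artifact: bytes, expected_version: str) -> list:
    """Return a list of problems; an empty list means the SBOM is bound to this artifact.

    A detached SBOM (no build timestamp, no digest, or a digest that does not match
    the artifact actually shipped) cannot be trusted to describe that release.
    """
    problems = []
    sbom = json.loads(sbom_json)
    metadata = sbom.get("metadata") or {}
    component = metadata.get("component") or {}

    # The SBOM must say when it was produced; a release SBOM comes from the build.
    if not metadata.get("timestamp"):
        problems.append("missing build timestamp")

    # The described component must be the release we are verifying.
    if component.get("version") != expected_version:
        problems.append(f"version mismatch: sbom={component.get('version')!r} "
                        f"expected={expected_version!r}")

    # The recorded digest is what ties the document to one concrete artifact.
    recorded = {h.get("content", "").lower()
                for h in component.get("hashes", []) if h.get("alg") == "SHA-256"}
    if not recorded:
        problems.append("no SHA-256 hash recorded for the described artifact")
    elif hashlib.sha256(artifact).hexdigest() not in recorded:
        problems.append("artifact hash does not match the SBOM's recorded hash")

    return problems


if __name__ == "__main__":
    print(check_sbom_binding(SBOM_JSON, ARTIFACT, "v1.2.3"))         # []
    print(check_sbom_binding(SBOM_JSON, ARTIFACT + b"!", "v1.2.3"))  # hash mismatch
```

Run against a real release, the artifact bytes would come from the downloaded build output and the SBOM from the same release's artifacts, which is exactly why a copy pasted into a self-assessment document cannot be verified this way: nothing anchors it to a build.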

ddk304 commented 9 months ago

Thank you for the feedback! We have removed the SBOM.

ragashreeshekar commented 9 months ago

Thank you for the updates. Largely looks good to me. Just one from my end on having one H1 for this document.

Tagging @eddie-knight for your review, and @JustinCappos both for your opinion on including maintainers for their ack and review of this work, followed by chair review (as applicable) and merging them to the repo.