Work with the jupyter security group to revamp the jupyter security documentation

[RRosio]

• Documentation topics (some coming from the conversations at the NSF Cybersecurity Summit's Jupyter presentation):
  • Security structure
  • a project-wide view of vulnerabilities in dependencies
  • FAQ with common: misconfigurations, local issues etc and mitigations
  • Threat models for different interested groups
    • Threat model for user
      • worst thing a notebook could do on your computer
      • risks of executing a notebook
      • How much do I need to interact with a notebook before it starts becoming a security issue? Just opening it? Trusting it? Running a cell?
      • Notebook virus that infects other notebooks has been prevented up to now, must be something in Jupyter preventing this, why hasn't that happened?
  • Documentation styles
  • Choose your own adventure style document
  • Concise guides following the Diátaxis approach

cc @rpwagner and @rcthomas

[rpwagner]

@RRosio thanks for starting this conversation!

Improving Project-wide security documentation was one the leading recommendation by the participants in the Jupyter Security Workshop last Monday (link to the notes). Specifically to start by providing a summary of security topics related to all Jupyter components and links to the existing scattered throughout the Subprojects. Being able to partner with this new Working Group on how to approach these improvements would be ideal.

Fortunately, we're not starting from scratch. There is the Project Jupyter security page as central location to host updated documentation, a survey of Jupyter security-related documentation from the Trusted CI engagement, and I would like to contribute the security training materials used for JupyterCon and other conferences.