Security SIG Proposal


Kay Williams <kayw@...>

Hi all,

Here is the proposal we mentioned at this morning's TOC meeting. You can also find the document here: https://docs.google.com/document/d/1QHD628FJ4s9lyWtPUtzdTr2fbmnhyuB_908cfsJzDqU/edit

Feel free to make comments in the document, or send an email if you have questions.

Kay

---------------------------------------------------------------------

CDF Security SIG Proposal

1. Overview
The Security SIG creates designs, specifications, shared code and processes to enable security across the software supply chain.

2. CDF TOC Sponsor willing to regularly monitor the SIG and ensure it remains useful and productive
Dan Lorenc

3. A proposed meeting schedule, with a sample agenda
Bi-weekly meetings.

Sample agenda:
- Review proposed modifications to SIG charter or working groups
- Summary presentations/discussions from existing working groups
- Plan for quarterly face-to-face meetings

4. Details on any outcomes, or deliverables

The SIG will deliver designs, specifications, shared code and processes that meet the following goals:
- Enable actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.
- Enable consumers of software to specify and implement policy over consumed software.
- Enable administrators to inventory and audit software used within their organizations.
- Enable detection and prevention of software tampering at runtime.
- Provide mechanisms for breaches in the integrity of software to be communicated and remediated.
- Provide mechanisms for consumers to recover from compromised or untrusted software.

5. A list of initial members, and a chair. There should be at least 3 different companies represented

Initial members:
- Microsoft
- Google
- TBD

Chair: Kay Williams, Microsoft

6. Any resources needed from the CDF to accomplish the task. This can include funding, marketing, technical expertise or other resources. Note that some types of resources may require allocation from the Governing Board.

Initial resources include support with meetings, mailing lists, and location for sharing SIG activities, documents and results.

Join cdf-toc@lists.cd.foundation to automatically receive all group messages.