Re: Announcing the CDF Security SIG

Kay Williams <kayw@...>

Correction. SIG-Security meetings will be held at 8 AM Pacific. Our first meeting will be next Tuesday 10/8. Join us!

From: Kay Williams
Sent: Friday, October 4, 2019 10:26 AM
To: cdf-toc@... <cdf-toc@...>; sig-security@... <sig-security@...>
Subject: Announcing the CDF Security SIG

Hey everyone, I am excited to announce the formation of the Security SIG - the CD Foundation’s first Special Interest Group (SIG)! The Security SIG began as a lightning talk at the first CD Summit in Barcelona this past May, and progressed to a formal proposal in August. In September it was adopted by the Technical Operating Committee (TOC).

The charter for the Security SIG is to provide a neutral home for discussion around designs, specifications, code and processes to enable security across the software supply chain. Topics of interest include the following:

  • Observability - enabling actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.

  • Policy - enabling consumers of software to specify and implement policy over consumed software.

  • Inventory - enabling administrators to inventory and audit software used within their organizations.

  • Runtime Security - enabling detection and prevention of software tampering at runtime.

  • Vulnerability Communication - providing mechanisms for breaches in the integrity of software to be communicated and remediated.

  • Vulnerability Recovery - providing mechanisms for consumers to recover from compromised or untrusted software.

Membership in the Security SIG is open to the public. Here are some details:



All are welcome to join the mailing list and attend meetings. We look forward to building a more secure future together!


