SIG Security sig-security@lists.cd.foundation

CDF Security SIG

1. Overview

The Security SIG creates designs, specifications, shared code and processes to enable security across the software supply chain.

2. CDF TOC Sponsor

Willing to regularly monitor the SIG and ensure it remains useful and productive.

  • Dan Lorenc

3. A proposed meeting schedule, with a sample agenda

Bi-weekly meetings.

Sample agenda:

  • Review proposed modifications to SIG charter or working groups
  • Summary presentations/discussions from existing working groups
  • Plan for quarterly face-to-face meetings

4. Details on any outcomes, or deliverables

The SIG will deliver designs, specifications, shared code and processes that meet the following goals:

  • Enable actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.
  • Enable consumers of software to specify and implement policy over consumed software.
  • Enable administrators to inventory and audit software used within their organizations.
  • Enable detection and prevention of software tampering at runtime.
  • Provide mechanisms for breaches in the integrity of software to be communicated and remediated.
  • Provide mechanisms for consumers to recover from compromised or untrusted software.

5. A list of initial members, and a chair. There should be at least 3 different companies represented

Initial members:

Chair: Kay Williams

6. Any resources needed from the CDF to accomplish the task.

This can include funding, marketing, technical expertise or other resources. Note that some types of resources may require allocation from the Governing Board.

  • Initial resources include support with meetings, mailing lists, and location for sharing SIG activities, documents and results.

Group Information

  • https://github.com/cdfoundation/sig-security
  • 20 Members
  • 9 Topics, Last Post:

Group Settings

  • This is a subgroup of main.
  • All subscribers can post to the group.
  • Posts to this group do not require approval from the moderators.
  • Messages are set to reply to group.
  • Subscriptions to this group do not require approval from the moderators.
  • Archives are visible to anyone.
  • Wiki is visible to subscribers only.
  • Members can edit their messages.
  • Members can set their subscriptions to no email.
