The Security SIG provides a neutral home for discussion around designs, specifications, shared code and processes to enable security across the software supply chain. Topics of interest include the following:
- Observability - enable actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.
- Policy - enable consumers of software to specify and implement policy over consumed software.
- Inventory - enable administrators to inventory and audit software used within their organizations.
- Runtime Security - enable detection and prevention of software tampering at runtime.
- Vulnerability Communication - provide mechanisms for breaches in the integrity of software to be communicated and remediated.
- Vulnerability Recovery - provide mechanisms for consumers to recover from compromised or untrusted software.
Anyone is welcome to join our open discussions of SIG-Security projects and share news related to the group's mission and charter. Much of the work of the group happens outside of SIG-Security meetings and we encourage project teams to share progress updates or post questions in these channels:
- Mail Address: sig-security@lists.cd.foundation
- CDF Slack #sig-security channel
CDF Special Interest Group - Security
- Agenda and Minutes
- Meetings are held every other Tuesday at 08:00 am Pacific, prior to the TOC meeting
- Download this invitation to add the meeting to your calendar
- Kay Williams (Microsoft) - Chair
- Brian Russell (Google) - Co-chair
- Fred Blaise (CloudBees) - Co-chair
- Dan Lorenc (Google) - TOC Sponsor