Staring Into the Abyss with the Security Technical Advisory Group

The presentation discusses the work of the Cloud Native Computing Foundation's Technical Advisory Group (TAG) Security in improving the security of cloud native projects and promoting collaboration within the open source community.

• TAG Security facilitates presentations and discussions on security-focused projects within the Cloud Native Computing Foundation (CNCF)
• TAG Security provides assistance to projects in their initial security work through the Security Pal program and self-assessment work
• TAG Security collaborates with other groups within the CNCF and the broader open source community to share learnings and improve security practices
• TAG Security is involved in the development of build frameworks for supply chain integrity such as Salsa and Fresca

One of the co-chairs of TAG Security is also part of the steering committee for Salsa, a build framework for supply chain integrity. The CNCF's Secure Software Factory reference architecture was used as the basis for Fresca, an implementation of a build tool that lives under the OpenSSF.

The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.