Staring Into the Abyss with the Security Technical Advisory Group

The presentation discusses the Secure Software Reference Architecture paper and its importance in providing a framework for communication and understanding of software security. It also highlights the engagement of the security team with other communities and projects within and outside of the CNCF.

• The Secure Software Reference Architecture paper provides a framework for communication and understanding of software security
• The security team engages with other communities and projects within and outside of the CNCF
• They offer security pills, self-assessments, and joint reviews to help projects improve their security
• The team is working on automating security controls and compliance through OSCAR
• They also have a serverless white paper in progress

The speaker mentions their experience working on a security review project, which helped them learn about the project, gain direct access to maintainers, and make connections with others in the community.

The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.Click here to view captioning/translation in the MeetingPlay platform!