
Staring Into the Abyss With the Security Technical Advisory Group

2022-10-26

Authors: Marina Moore, Ragashree MC, Andrew Martin


Summary

The presentation discusses the Secure Software Factory paper and its reference architecture, which provides a framework for communicating about supply chain security. The paper also includes a controls mapping and a focus on automation for continuous compliance. The team engages with other communities and offers Security Pals and joint reviews for CNCF projects.
  • The Secure Software Factory paper provides a reference architecture for communicating about supply chain security
  • The paper includes a controls mapping and focuses on automation for continuous compliance
  • The team engages with other communities and offers Security Pals and joint reviews for CNCF projects
The speaker shared their personal experience of getting involved in the security review project as a way to learn about a new project and make connections with maintainers.

Abstract

The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.

Materials: