tldr - powered by Generative AI

• TAG Security facilitates presentations and discussions on security-focused projects within the Cloud Native Computing Foundation (CNCF)
• TAG Security provides assistance to projects in their initial security work through the Security Pal program and self-assessment work
• TAG Security collaborates with other groups within the CNCF and the broader open source community to share learnings and improve security practices
• TAG Security is involved in the development of build frameworks for supply chain integrity such as Salsa and Fresca

tldr - powered by Generative AI

• Observability data is difficult to analyze due to the large amounts of data emitted from cloud infrastructure, applications, and services
• Querying should be thought of as querying as code
• The primary problem is bridging the gap from a correlation perspective to make it more efficient and transformable
• The goal is to reduce developer toil and help end-users correlate their data across systems
• The work group will research, analyze, and make recommendations for future working groups or projects to implement a standard

tldr - powered by Generative AI

• The Secure Software Factory paper provides a reference architecture for communicating about supply chain security
• The paper includes a controls mapping and focuses on automation for continuous compliance
• The team engages with other communities and offers security pills and joint reviews for CNCF projects

tldr - powered by Generative AI

• The Secure Software Reference Architecture paper provides a framework for communication and understanding of software security
• The security team engages with other communities and projects within and outside of the CNCF
• They offer security pills, self-assessments, and joint reviews to help projects improve their security
• The team is working on automating security controls and compliance through OSCAR
• They also have a serverless white paper in progress