TAG Security Publications

This document lists all the publications and resources that TAG Security has produced.

Cloud Native Security Controls Catalog

Mapping of Cloud Native Security Whitepaper and Software Supply Chain Best Practices Paper to NIST SP800-53r5

Cloud Native Security Lexicon

Standardization of terminologies specific to Cloud Native Security

Markdown

Cloud Native Security Whitepaper

The Cloud Native Security Whitepaper (CNSWP) is a TAG Security effort to ensure the cloud native community has access to information about building, distributing, deploying, and running secure cloud native capabilities.

Markdown (v2)
PDF (v2)
Audio (v1)

Translations

Portuguese (v1)
Chinese (v1)

Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security

A comprehensive guide dedicated to assessing and understanding the security of open source software projects. The book is the culmination of five years of TAG Secure Assessments, practical insights, and collaborative effort from experts in the field. Our goal? To empower you with the knowledge and skills to enhance the security of the cloud native ecosystem, the projects, and their use in your organization’s platforms.

Policy

Formal Verification for Policy Configurations

Markdown

Handling build-time dependency vulnerabilities

Markdown

Secure Defaults: Cloud Native 8

Markdown

Security Assessments

TAG Security has conducted security assessments of several CNCF projects. These assessments are available to the public.

Supply Chain Security

Software Supply Chain Best Practices

The Software Supply Chain Security Paper is a TAG Security effort to ensure the cloud native community has access to information about building, distributing, deploying, and running secure software supply chains.