Security TAG Roadmap

Overview

Note: TAG-Security was rebranded from the SAFE working group. The roadmap below covers both the SAFE WG and TAG-Security in its timeline.

| | #2 Discover | #3 Describe | #4 Identify |
|---|---|---|---|
| Artifacts | Personas; Use Cases | Categories; Standards; Common Definitions; Block Architecture | Catalog Projects; Fill in Boxes; Identify Gaps |
| Topics | Presentations; TAG members & guests | Standards in Practice; Real World Systems Architecture | Platforms & Products; Tools & Libraries |

Details

  1. Charter the SAFE Working Group. Draft vision, process and initial members (done, see below)
  2. Discover (Completed)
    • Explore the problem space of the working group
    • Investigate what is happening in the community today with respect to security for cloud native applications and infrastructure
    • Presentations from members & guests
    • Describe personas & use cases
    • Draft a picture or set of categories that will serve as a starting point for an evaluation framework
    • Solicit real world use cases and practices (and compensating controls) for projects
  3. Describe (in progress)
    • Define the terminology used in the output documents, and in the community
    • Describe the current state (map) of cloud native security, which might include:
      • existing standards
      • existing open source, and proprietary, solutions
      • common patterns in use today for systems that work with cloud native apps. For example:
        • Extract end-to-end view of secure access, and
        • Common layering or a block architecture
  4. Identify existing security components in CNCF and projects in the CNCF landscape and catalog
    • Identify gaps and make recommendations to the community and TOC
    • Continually monitor the viability of the existing projects and update the landscape document
    • Document and disseminate best practices (provide training?)

Upcoming

TAG-Security strives to perform annual planning and quarterly reviews of our roadmap plans. The Roadmap planning project board for each year is a live board and is continually updated. Boards may have cards added that indicate early concepts or needs for discovery, before they become proposals or projects.

| Year | Board Link |
|---|---|
| 2021-2022 | RoadMap Planning Board |

Ongoing efforts

TAG-Security maintains a few activities as regular business. The boards tracking these items are linked below.

| Effort | Board Link | Description |
|---|---|---|
| CNCF project security reviews | Security Review Queue | This board is used to manage upcoming and current security reviews and security review related activities. |
| TAG-Security Projects | Project Tracking Board | This board is used to manage upcoming proposals (backlog) and ongoing projects. |
| Issue Triage | Triage Board | This board is used to assist the Triage team in managing the queue of issues. |

Completed

| Milestone | Date | Action |
|---|---|---|
| First Community Translation | 27 Feb 2021 | Chinese translation of Whitepaper |
| Security Assessments => Reviews | 23 Feb 2021 | Retrospective resulted in process updates |
| APAC meetings start | 1 Feb 2021 | Regular meeting time added to README |
| Expanded to 5 Tech Leads | 13 Jan 2021 | TOC approves @ashutosh-narkar, @achetal01, @anvega |
| Cloud Native Security Whitepaper v1 | 18 Nov 2020 | Markdown source and images in repo |
| First five security assessments | 21 Oct 2020 | In-toto, OPA, SPIFFE/SPIRE, Harbor, Keycloak |
| First chair rotation | 15 Sep 2020 | TOC approves @TheFoxAtWork with new chair proposal process |
| DoD Kubernetes/Container Security controls proposed | 26 Jun 2020 | LF collaboration with US DoD merged to DoD repo |
| First Tech Leads | 25 Feb 2020 | TOC approves @lumjjb @TheFoxAtWork @JustinCappos |
| Security Assessment intake process | 7 Jan 2020 | Intake process and prioritization |
| First Cloud Native Security Day | 19 Nov 2019 | Event organized by @mfdii and @TheFoxAtWork |
| Software supply chain catalog | 14 Nov 2019 | Catalog |
| Updated personas & use cases | 23 Sept 2019 | Added platform implementer |
| Policy formal verification overview | 10 Sept 2019 | Documentation |
| First Security Assessment | May 2019 | In-toto |
| Updated Charter and Governance ratified by CNCF TOC | 7 May 2019 | New repo |
| First cut security audit guidelines | 2 May 2019 | Guidelines |
| Moved SAFE WG to CNCF | 15 Apr 2019 | Repo rename |
| CNCF WG proposal | 21 Aug 2018 | CNCF TAG-Security charter and roles |
| Policy WG merged | 10 Aug 2018 | Merging policy WG |
| First KubeCon Presentations | 2-4 May 2018 | Intro and deep dive |
| Personas & use cases | 20 Apr 2018 | Shared doc into repo markdown |
| Initial Commit for SAFE repo | 13 Mar 2018 | First commit |
| Informal discussions at Kubecon Austin | Dec 2017 | Meeting with CNCF community and gathering feedback |