Announcing the CDF Security SIG

October 10, 2019

By Kay Williams

Security SIG Chair

10/4/2019

Hey everyone, I am excited to announce the formation of the Security SIG – the CD Foundation’s first Special Interest Group (SIG)! The Security SIG began as a lightning talk at the first CD Summit in Barcelona this past May, and progressed to a formal proposal in August. In September it was adopted by the Technical Operating Committee (TOC).

The charter for the Security SIG is to provide a neutral home for discussion around designs, specifications, code and processes to enable security across the software supply chain. Topics of interest include the following:

  • Observability – enabling actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.
  • Policy – enabling consumers of software to specify and implement policy over consumed software.
  • Inventory – enabling administrators to inventory and audit software used within their organizations.
  • Runtime Security – enabling detection and prevention of software tampering at runtime.
  • Vulnerability Communication – providing mechanisms for breaches in the integrity of software to be communicated and remediated.
  • Vulnerability Recovery – providing mechanisms for consumers to recover from compromised or untrusted software.

Membership in the Security SIG is open to the public. Here are some details:

Communication

Meetings

All are welcome to join the mailing list and attend meetings. We look forward to building a more secure future together!

Sincerely,

Kay