By Kay Williams
Security SIG Chair
Hey everyone, I am excited to announce the formation of the Security SIG – the CD Foundation’s first Special Interest Group (SIG)! The Security SIG began as a lightning talk at the first CD Summit in Barcelona this past May, and progressed to a formal proposal in August. In September it was adopted by the Technical Operating Committee (TOC).
The charter for the Security SIG is to provide a neutral home for discussion around designs, specifications, code and processes to enable security across the software supply chain. Topics of interest include the following:
- Observability – enabling actions performed while writing code, compiling, testing, and distributing software to be manifest and verifiable.
- Policy – enabling consumers of software to specify and implement policy over consumed software.
- Inventory – enabling administrators to inventory and audit software used within their organizations.
- Runtime Security– enabling detection and prevention of software tampering at runtime.
- Vulnerability Communication – providing mechanisms for breaches in the integrity of software to be communicated and remediated.
- Vulnerability Recovery – providing mechanisms for consumers to recover from compromised or untrusted software.
Membership in the Security SIG is open to the public. Here are some details:
- Security SIG communication happens via a public mailing list: https://lists.cd.foundation/g/sig-security
- The Security SIG meets every other week at 8 AM Pacific, immediately preceding TOC meetings. Our first meeting will be on October 8, 2019.
- Meeting agendas and minutes are here: https://docs.google.com/document/d/1R-o4TuIed-CX2QIe25HD6793PzPAgojZMbz3q78lqYM/edit#
- Download this invitation to add the meeting to your calendar: https://zoom.us/meeting/tZcvcuugqD8tyCbzKhDecxk7i_DTjwwoxw/ics?icsToken=16e7a1f824ad13ceb2a417f99e43dbc02fcc6db5825820f64677b5dec84af379
All are welcome to join the mailing list and attend meetings. We look forward to building a more secure future together!