document annual review process to update security assessment #152

Closed
ultrasaurus opened this issue Apr 21, 2019 · 9 comments
Labels
assessment-process proposed improvements to security assessment process inactive No activity on issue/PR

Comments

@ultrasaurus
Member

this has been discussed in meetings

well-articulated in PR comment by @rficcaglia

"I think the notion that a single point in time review ignores the reality that threats change over time. someone using this review process as evidence of "trustworthiness" can be lulled into thinking something is "safe" since it was reviewed N years ago."

@ultrasaurus ultrasaurus added the assessment-process proposed improvements to security assessment process label Apr 21, 2019
@ultrasaurus ultrasaurus added the help wanted Extra attention is needed label Jul 2, 2019
@ultrasaurus
Member Author

It would be great if someone were to draft some text about this and suggest which of our docs it should go into, since this keeps coming up as a question.

@ultrasaurus ultrasaurus mentioned this issue Jul 2, 2019
@rficcaglia
Contributor
rficcaglia commented Jul 3, 2019 via email

@ultrasaurus ultrasaurus removed the help wanted Extra attention is needed label Jul 3, 2019
@rficcaglia
Contributor

WIP outline... 4fee281

@stale
stale bot commented Mar 17, 2020

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Mar 17, 2020
@lumjjb
Contributor
lumjjb commented Jul 14, 2021

There is some text in https://github.com/cncf/tag-security/blob/main/assessments/intake-process.md for this, is this sufficient for now?

@stale stale bot removed the inactive No activity on issue/PR label Jul 14, 2021
@lumjjb
Contributor
lumjjb commented Jul 14, 2021

Needs additional definition of scope.

@lumjjb
Contributor
lumjjb commented Aug 25, 2021

revisit again when staleness hits.

@stale
stale bot commented Oct 25, 2021

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Oct 25, 2021
@anvega
Contributor
anvega commented Jun 21, 2023

While we recognize this is something we need to get to due to the evolving nature of software projects, it currently exceeds our capacity due to the increased number of projects in the CNCF which correlates to the increased number of projects in the assessments backlog that we need to get to. Should the TOC request a review of projects previously assessed or a new subproject under the same project umbrella, we will prioritize those. In the meantime, we will continue to follow the intake process to prioritize ordering and sequencing of assessments.

@anvega anvega closed this as completed Jun 21, 2023

4 participants