cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Home Page: https://tag-security.cncf.io


[Project] "Research" Subactivity

JustinCappos opened this issue · comments

Description: The STAG group members often have good ideas they want to get out to the broader community. We've started to write up blog entries, etc. It may be useful to have a process to have them come out from STAG and be marketed as such.

Here is an example article: https://thenewstack.io/security-of-software-update-systems-in-2023/

Impact: This will help others get security awareness and bring in new contributors to TAG Security.

Scope: It will take a week to a month for the authors of each post depending on the content. There will be some minor work for the organizers to choose the topics and coordinate logistics. Most likely the group will publish 3-4 of these a year so that work will not be onerous.

Intent to lead:

  • I volunteer to be a project lead on this proposal if the community is
    interested in pursuing this work. This statement of intent does not
    preclude others from co-leading or becoming lead in my stead. (I nominate
    @anvega to potentially take this over if he is interested)

Proposal to Project:

  • Added to the planned meeting template for August 30th
  • Raised in a Security TAG meeting to determine interest - August 30th
  • Collaborators comment on issue to determine interest and nominate project
    lead
  • Scope determined via meeting mm dd and/or shared document add link
    with call for participation in #tag-security slack channel thread add link
    and mailing list email add link
  • Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

  • Security TAG Leadership Representative: @JustinCappos @anvega
  • Project leader(s): @JustinCappos @anvega
  • Issue is assigned to project leaders and Security TAG Leadership
    Representative
  • Project Members:
  • Fill in additional TODO items here so the project team and community can
    see progress!
  • Scope
  • Deliverable(s)
  • Project Schedule
  • Slack Channel (as needed)
  • Meeting Time & Day:
  • Meeting Notes (link)
  • Meeting Details (zoom or hangouts link)
  • Retrospective

Happy to assist with blog research and writing. I have experience as a graduate research student and am currently working on multiple CNCF security projects.

Formalized this project as a working group in #1271

I'll be creating a new issue with the next research target and updating the research directory with potential future projects. We've started on, focusing on the state of the new NIST lattice-based algorithms and post-quantum crypto. Specifically, I'm examining liboqs, which has made significant progress with forks of OpenSSL and BoringSSL. However, there are still challenges with handling the large key and signature sizes. Additionally, I'm looking into a few projects that aim to integrate this into ecosystem projects.