kubernetes / committee-security-response

Kubernetes Security Process and Security Committee docs

private-distributors-list: add DigitalOcean

MorrisLaw opened this issue · comments

Actively monitored security email alias for our project: security@digitalocean.com

1. Be an actively maintained and CNCF certified distribution of Kubernetes components.
yes, DigitalOcean's managed Kubernetes: DOKS

2. Have a user base not limited to your own organization.
yes, since DOKS is available to users of DigitalOcean

3. Have a publicly verifiable track record up to present day of fixing security issues.
yes, one of our biggest examples is with Spectre and Meltdown

also, we have a changelog for our managed Kubernetes: https://www.digitalocean.com/docs/kubernetes/changelog/

4. Not be a downstream or rebuild of another distribution.
DOKS is DO's managed Kubernetes, not a rebuild or downstream of another.

5. Be a participant and active contributor in the community.
yes, we have several members who are working on upstream contributions, e.g.
https://github.com/morrislaw
https://github.com/timoreimann
https://github.com/bhcleek

6. Accept the Embargo Policy.
yes

7. Be willing to contribute back.
yes!!

8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.
Not sure, how do I go about requesting that?

LGTM

/assign @joelsmith

I verified that the requesting entity appears on the CNCF certified list at https://www.cncf.io/certification/software-conformance/
Opening a PR to add at kubernetes/k8s.io#705