+1, Binding

Forwarding here as well, if anyone is interested in leaving feedback. -- Stephen ---------- Forwarded message --------- From: Stephen Augustus <stephen.k8s@...> Date: Wed, Dec 2, 2020, 22:56 Subject:

Hi all, We'll be meeting tomorrow: Agenda: Optional SIG Updates New Training Course on Diversity in Open Source Moved: Security Scanning for projects to December 15th when Liz is able to make the

+1 NB On Wed, Nov 18, 2020 12:49 PM, Archy k ayrat.khayretdinov@... wrote: #velocity, I S A A C M O S Q U E R A Chief Technology Officer e: isaac@... p: 703.795.5322 t:

I'm sorry folks, I have a conflict coming up on Tuesday 1st, and I am going to have to skip the TOC meeting Liz

The etcd project has been approved for graduation. (https://lists.cncf.io/g/cncf-toc/message/5452) +1 Binding 9/10 Matt Klein: https://lists.cncf.io/g/cncf-toc/message/5453 Brendan Burns:

Hello everyone, Just catching up on the thread and a little late to the discussion. I'm in total agreement with other points already brought up that we should: Have some policies and guidance around

Hey all, we are doing our traditional TOC panel at KubeCon today: https://kccncna20.sched.com/event/f6Z1 Feel free to join us at the tail end of kubecon and if you have any questions, please let us

Thanks, this is a discussion point for the TOC but I think the reality will be a roll out in 2021 at some level. Also thank you Arun for pushing me to get this done in time for kubecon :) Please

Should we make it mandatory (which I think is a good idea), it would be useful to cross reference kubernetes who took the same approach for all leaders (I did the course as part of product security).

Chris, I just completed the course and it's extremely valuable. As already mentioned and noted for next TOC agenda, this should be a must for all leadership positions in CNCF. It took me > 1 hour to

Same! We would love a presentation! Shubhra please add itself to the agenda for an upcoming meeting in December. The Security SIG group meets every Wednesday at 10:00am PT (USA Pacific) Meeting

Add me as well. I am one of the maintainers on bandit (python ast based security linter) which hits around 25k downloads a day, so I have a fair amount of experience in what works / does not work well

Same, I'd be interested. ~Dave -- ~Dave

I would be interested in that. Justin

If this group is interested, my team would love to present the capabilities and limitations alike of the LFX security tool project. We are working on items like creating a SBOM policy management,

+1

This is a great initiative that also sends a message that security is part of the core functionality. Few suggestions: If we can ensure CNCF projects follow Container Image authoring best practices,

I'd be happy to join and help here. HUGE DISCLAIMER. I work at Snyk, which is the service powering the scans. I'm also a maintainer of Conftest as part of the Open Policy Agent project and know a

Liz, this is great! Having vulnerability scanning is a good thing, but looking into the results might be too many false positives (as you pointed out) and noise. In my experience, reviewing such a