[cncf-sig-security] Supply Chain Security Paper Open for public comment

Chris Aniszczyk


---------- Forwarded message ---------
From: Emily Fox <themoxiefoxatwork@...>
Date: Fri, Apr 9, 2021 at 11:20 AM
Subject: [cncf-sig-security] Supply Chain Security Paper Open for public comment
To: <cncf-sig-security@...>

  The cloud native security supply chain security group has worked diligently in creating an initial draft paper that provides the community with:
* Recommendations for securing each point of an organisation's software supply chain, whether the organisation produces or consumes cloud native software.
* Justifications and explanations for recommendations commensurate with the risk level and assurance requirements of an organization
* Tooling to implement recommendations

We are asking you, the community, to review the paper and provide comments/suggestions/improvements by Friday April 23rd 2021 so that we may incorporate them and finalized the initial version.

You may access the document at the below URL:

Chris Aniszczyk (@cra)