From 7acd3af1aa175fe1f28f57f9791cdb281d3e19be Mon Sep 17 00:00:00 2001 From: Rey Lejano Date: Thu, 3 Jun 2021 23:21:26 -0700 Subject: [PATCH] updated with suggested changes from tabbysable --- sig-security/security-audit-2021/RFP.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sig-security/security-audit-2021/RFP.md b/sig-security/security-audit-2021/RFP.md index 80ce26a72..d0ea8cb7e 100644 --- a/sig-security/security-audit-2021/RFP.md +++ b/sig-security/security-audit-2021/RFP.md @@ -163,8 +163,8 @@ The latest date to receive deliverables will be negotiated with the selected ven 1. The attack vector most concerned about is unauthenticated access to a cluster resulting in compromise of the [components in-scope](#project_goals_and_scope) 2. Crossing cluster boundaries for multi-cluster configuration -3. Crossing namespaces -4. Any attack vector that exists against the components in scope +3. Crossing namespace boundaries, an authenticated attacker being able to affect resources their credentials do not directly allow +4. Any other attack vector that exists against the components in scope ### Is there flexibility to wait for staff to be available to work on the audit?