Merge pull request #4976 from JayBeale/patch-2

Retiring wg-security-audit and transferring assets to sig-security

OWNERS_ALIASES

@@ -136,11 +136,6 @@ aliases:
     - deads2k
     - stevekuznetsov
     - wojtek-t
-  wg-security-audit-leads:
-    - aasmall
-    - cji
-    - jaybeale
-    - joelsmith
   ug-big-data-leads:
     - erikerlandson
     - foxish

archive/wg-security-audit/letter-to-steering.md

@@ -0,0 +1,26 @@
+Dear Steering Committee:
+
+
+We propose the creation of a new Kubernetes SIG: SIG Security.
+
+
+In managing the Third-Party Security Audits, the Working Group realized that its efforts didn’t end with the completion of each audit. The audit’s process and findings demonstrated the need to advocate for stronger security defaults, facilitate outreach for both developers and end-users, and drive structural security improvements.
+
+At KubeCon San Diego, we presented the results of the audit with a call to action for the broader community to take the findings and drive them into a better, more secure, Kubernetes. We were met with far more support than we could reasonably channel in our current form.
+
+We worked with members of SIG Auth, the Product Security Committee, the SIG Docs Security subproject, and the CIS Benchmark maintainers to identify underserved aspects of their domains. To express the scope and responsibilities of the new SIG, we all collaborated on a draft charter for your consideration. 
+
+We hope that the entire group behind this draft charter can serve the Kubernetes project via this SIG.
+
+Thank you.
+
+Signed,
+
+
+Aaron, Craig, Jay, Joel, Tim, Ian, Micah, Seth, Peter, Rory, Liz 
+
+
+
+You can find our proposed charter in this pull request:
+
+https://github.com/kubernetes/community/pull/4962/commits/535d9eab9c37826edd39d79f70e94f51330bb15c

sig-list.md

@@ -61,7 +61,6 @@ When the need arises, a [new SIG can be created](sig-wg-lifecycle.md)
 |[Naming](wg-naming/README.md)|* Architecture<br>* Contributor Experience<br>* Docs<br>|* [Celeste Horgan](https://github.com/celestehorgan), CNCF<br>* [Jaice Singer DuMars](https://github.com/jdumars), Apple<br>* [Stephen Augustus](https://github.com/justaugustus), VMware<br>* [Zach Corleissen](https://github.com/zacharysarah), Linux Foundation<br>|* [Slack](https://kubernetes.slack.com/messages/wg-naming)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-naming)|* Regular WG Meeting: [Mondays at 10:30 PT (Pacific Time) (monthly - second Monday of month)](https://zoom.us/j/91522666403?pwd=WnRSNlNhNXhDWkR2ZU9ydGpsNWxtZz09)<br>
 |[Policy](wg-policy/README.md)|* Architecture<br>* Auth<br>* Multicluster<br>* Network<br>* Node<br>* Scheduling<br>* Storage<br>|* [Erica von Buelow](https://github.com/ericavonb), Red Hat<br>* [Howard Huang](https://github.com/hannibalhuang), Huawei<br>|* [Slack](https://kubernetes.slack.com/messages/wg-policy)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-policy)|* Regular WG Meeting: [Wednesdays at 16:00 PT (Pacific Time) (weekly)](https://zoom.us/j/7375677271)<br>
 |[Reliability](wg-reliability/README.md)|* Architecture<br>* Cluster Lifecycle<br>* Release<br>* Scalability<br>* Testing<br>|* [David Eads](https://github.com/deads2k), Red Hat<br>* [Steve Kuznetsov](https://github.com/stevekuznetsov), Red Hat<br>* [Wojciech Tyczynski](https://github.com/wojtek-t), Google<br>|* [Slack](https://kubernetes.slack.com/messages/wg-reliability)<br>* [Mailing List](TODO)|* Regular WG Meeting: [TODOs at TODO TODO (biweekly)](TODO)<br>
-|[Security Audit](wg-security-audit/README.md)|* Auth<br>|* [Aaron Small](https://github.com/aasmall), Invitae<br>* [Craig Ingram](https://github.com/cji), Stripe<br>* [Jay Beale](https://github.com/jaybeale), InGuardians<br>* [Joel Smith](https://github.com/joelsmith), Red Hat<br>|* [Slack](https://kubernetes.slack.com/messages/wg-security-audit)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-security-audit)|* Regular WG Meeting: [Mondays at 12:00 PT (Pacific Time) (weekly)](https://docs.google.com/document/d/1RbC4SBZBlKth7IjYv_NaEpnmLGwMJ0ElpUOmsG-bdRA/edit)<br>
 
 ### Master User Group List
 

sigs.yaml

@@ -2820,39 +2820,6 @@ workinggroups:
   contact:
     slack: wg-reliability
     mailing_list: TODO
-- dir: wg-security-audit
-  name: Security Audit
-  mission_statement: >
-    Perform a security audit on k8s with a vendor and produce as artifacts a threat
-    model and whitepaper outlining everything found during the audit.
-
-  stakeholder_sigs:
-  - Auth
-  label: security-audit
-  leadership:
-    chairs:
-    - github: aasmall
-      name: Aaron Small
-      company: Invitae
-    - github: cji
-      name: Craig Ingram
-      company: Stripe
-    - github: jaybeale
-      name: Jay Beale
-      company: InGuardians
-    - github: joelsmith
-      name: Joel Smith
-      company: Red Hat
-  meetings:
-  - description: Regular WG Meeting
-    day: Monday
-    time: "12:00"
-    tz: PT (Pacific Time)
-    frequency: weekly
-    url: https://docs.google.com/document/d/1RbC4SBZBlKth7IjYv_NaEpnmLGwMJ0ElpUOmsG-bdRA/edit
-  contact:
-    slack: wg-security-audit
-    mailing_list: https://groups.google.com/forum/#!forum/kubernetes-wg-security-audit
 usergroups:
 - dir: ug-big-data
   name: Big Data