community/archive/wg-security-audit/letter-to-steering.md


Dear Steering Committee:

We propose the creation of a new Kubernetes SIG: SIG Security.

In managing the Third-Party Security Audits, the Working Group realized that its efforts didn't end with the completion of each audit. The audit's process and findings demonstrated the need to advocate for stronger security defaults, facilitate outreach for both developers and end-users, and drive structural security improvements.

At KubeCon San Diego, we presented the results of the audit with a call to action for the broader community to take the findings and drive them into a better, more secure, Kubernetes. We were met with far more support than we could reasonably channel in our current form.

We worked with members of SIG Auth, the Product Security Committee, the SIG Docs Security subproject, and the CIS Benchmark maintainers to identify underserved aspects of their domains. To express the scope and responsibilities of the new SIG, we all collaborated on a draft charter for your consideration.

We hope that the entire group behind this draft charter can serve the Kubernetes project via this SIG.

Thank you.

Signed,

Aaron, Craig, Jay, Joel, Tim, Ian, Micah, Seth, Peter, Rory, Liz

You can find our proposed charter in this pull request:

535d9eab9c