History

LinshanYu 6568f99aad fixurl		2020-02-25 18:42:02 +08:00
..
ancillary-data	Added final reports	2019-08-06 08:30:27 -07:00
findings	added updated version of final report	2019-08-06 12:17:37 -07:00
Atredis and Trail of Bits Proposal.pdf	published accepted proposal and updated mailing lists	2019-01-28 13:34:35 -08:00
OWNERS	Updated OWNERS files to include link to docs	2019-01-30 19:37:21 +01:00
README.md	Run make to use new generator templates	2019-08-08 12:54:16 -07:00
RFP.md	fixurl	2020-02-25 18:42:02 +08:00
RFP_Decision.md	Add wg-security-audit RFP decision process	2019-02-08 12:12:13 -05:00

README.md

Security Audit Working Group

Perform a security audit on k8s with a vendor and produce as artifacts a threat model and whitepaper outlining everything found during the audit.

Stakeholder SIGs

SIG Auth

Meetings

Regular WG Meeting: Mondays at 13:00 PT (Pacific Time) (weekly). Convert to your timezone.

Organizers

Aaron Small (@aasmall), Google
Craig Ingram (@cji), Salesforce
Jay Beale (@jaybeale), InGuardians
Joel Smith (@joelsmith), Red Hat

Contact

Published Documents

Trail of Bits and Atredis Partners, in collaboration with the Security Audit Working Group, have released the following documents which detail their assessment of Kubernetes security posture and their findings.

Findings

Ancillary Data

Mailing Lists

Sensitive communications regarding the audit should be sent to the private variant of the mailing list.

Request For Proposals

The RFP was open between 2018/10/29 and 2018/11/30 and has been published here.

Vendor Selection

The RFP is now closed. The working group selected Trail of Atredis, a collaboration between Trail of Bits and Atredis Partners to perform the audit.

You can read more about the vendor selection here.