diff options
| author | Rey Lejano <rlejano@gmail.com> | 2021-06-03 23:21:26 -0700 |
|---|---|---|
| committer | Rey Lejano <rlejano@gmail.com> | 2021-06-03 23:21:26 -0700 |
| commit | 7acd3af1aa175fe1f28f57f9791cdb281d3e19be (patch) | |
| tree | 6edc493d76b5d377e20b5ab2dd8077c3970f4c09 | |
| parent | 0bc865c242a9b4fd0f155d098bb8c38693053033 (diff) | |
updated with suggested changes from tabbysable
| -rw-r--r-- | sig-security/security-audit-2021/RFP.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sig-security/security-audit-2021/RFP.md b/sig-security/security-audit-2021/RFP.md index 80ce26a7..d0ea8cb7 100644 --- a/sig-security/security-audit-2021/RFP.md +++ b/sig-security/security-audit-2021/RFP.md @@ -163,8 +163,8 @@ The latest date to receive deliverables will be negotiated with the selected ven 1. The attack vector most concerned about is unauthenticated access to a cluster resulting in compromise of the [components in-scope](#project_goals_and_scope) 2. Crossing cluster boundaries for multi-cluster configuration -3. Crossing namespaces -4. Any attack vector that exists against the components in scope +3. Crossing namespace boundaries, an authenticated attacker being able to affect resources their credentials do not directly allow +4. Any other attack vector that exists against the components in scope ### Is there flexibility to wait for staff to be available to work on the audit? |