diff options
| author | Aaron Small <aaron@smallnet.org> | 2018-10-29 13:32:41 -0700 |
|---|---|---|
| committer | Aaron Small <aaron@smallnet.org> | 2018-10-29 13:32:41 -0700 |
| commit | b6e551bc142ebd8475fb63237d0463e7080fe244 (patch) | |
| tree | 544208504b06da8e71a2860d51349d59c3c17a7f | |
| parent | 11a12eac3a2176bdb8cc0f03e4202fbcd21bd407 (diff) | |
final in-meeting updates.
| -rw-r--r-- | wg-security-audit/RFP.md | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/wg-security-audit/RFP.md b/wg-security-audit/RFP.md index 433fc37f..8d79d48d 100644 --- a/wg-security-audit/RFP.md +++ b/wg-security-audit/RFP.md @@ -2,7 +2,7 @@ ## Kubernetes Third Party Security Audit -The Kubernetes Third-Party Audit Working Group (working group, henceforth) is soliciting proposals from select Information Security vendors for a comprehensive security audit of the Kubernetes Project. +The Kubernetes Third-Party Audit Working Group (working group, henceforth) is soliciting proposals from select Information Security vendors for a comprehensive security audit of the Kubernetes Project. ### Eligible Vendors @@ -15,24 +15,26 @@ Only the following vendors will be permitted to submit proposals: - Insomnia - Atredis Partners -### RPF Process +If your proposal includes sub-contractors, please include relevant details from their firm such as CVs, past works, etc. -This RFP will be open between 2018/10/22 and 2019/11/18. +### RFP Process -The working group will answer questions for the first two weeks of this period. +This RFP will be open between 2018/10/29 and 2019/11/26. + +The working group will answer questions for the first two weeks of this period. Questions can be submitted [here](https://docs.google.com/forms/d/e/1FAIpQLSd5rXSDYQ0KMjzSEGxv0pkGxInkdW1NEQHvUJpxgX3y0o9IEw/viewform?usp=sf_link). All questions will be answered publicly in this document. Proposals must include CVs, resumes, and/or example reports from staff that will be working on the project. -- 2018/10/22: RFP Open, Question period open -- 2018/11/05: Question period closes -- 2018/11/19: RFP Closes -- 2018/11/26: The working group will announce vendor selection +- 2018/10/29: RFP Open, Question period open +- 2018/11/12: Question period closes +- 2018/11/26: RFP Closes +- 2018/12/04: The working group will announce vendor selection ## Audit Scope -The scope of the audit is the 3 most recent releases (1.10, 1.11, 1.12) of the core [Kubernetes project](https://github.com/kubernetes/kubernetes). +The scope of the audit is the most recent release (1.12) of the core [Kubernetes project](https://github.com/kubernetes/kubernetes). - Findings within the [bug bounty program](https://github.com/kubernetes/community/blob/master/contributors/guide/bug-bounty.md) scope are in scope. |