| author | Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> | 2020-09-25 12:26:48 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-25 12:26:48 -0700 |
| commit | f9636eae389b188b259ae186614d15916dbfa5fe (patch) | |
| tree | 9b89af9baf31ad750384e8f33aef2ac11e408f36 | |
| parent | c038f43a4c57a66b9c20c99f3d10f9a0fa6b0514 (diff) | |
| parent | 683ec8f8a392522933b8950a052dfdce6da6a812 (diff) | |
Merge pull request #4976 from JayBeale/patch-2
Retiring wg-security-audit and transferring assets to sig-security
| -rw-r--r-- | OWNERS_ALIASES | 5 | ||||
| -rw-r--r-- | archive/wg-security-audit/OWNERS (renamed from wg-security-audit/OWNERS) | 0 | ||||
| -rw-r--r-- | archive/wg-security-audit/README.md (renamed from wg-security-audit/README.md) | 0 | ||||
| -rw-r--r-- | archive/wg-security-audit/letter-to-steering.md | 26 | ||||
| -rw-r--r-- | sig-list.md | 1 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/Atredis and Trail of Bits Proposal.pdf (renamed from wg-security-audit/Atredis and Trail of Bits Proposal.pdf) | bin | 437215 -> 437215 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/RFP.md (renamed from wg-security-audit/RFP.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/RFP_Decision.md (renamed from wg-security-audit/RFP_Decision.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.dot (renamed from wg-security-audit/ancillary-data/dataflow/original dataflow.dot) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.png (renamed from wg-security-audit/ancillary-data/dataflow/original dataflow.png) | bin | 102692 -> 102692 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/process.sh (renamed from wg-security-audit/ancillary-data/dataflow/process.sh) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/requirements.txt (renamed from wg-security-audit/ancillary-data/dataflow/requirements.txt) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/tm.py (renamed from wg-security-audit/ancillary-data/dataflow/tm.py) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.dot (renamed from wg-security-audit/ancillary-data/dataflow/updated-dataflow.dot) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.png (renamed from wg-security-audit/ancillary-data/dataflow/updated-dataflow.png) | bin | 321280 -> 321280 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/container-runtime.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/container-runtime.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/etcd.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/etcd.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-apiserver.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/kube-apiserver.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-proxy.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/kube-proxy.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-scheduler.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/kube-scheduler.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kubelet.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/kubelet.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/template.md (renamed from wg-security-audit/ancillary-data/rapid-risk-assessments/template.md) | 0 | ||||
| -rw-r--r-- | sig-security/security-audit-2019/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf (renamed from wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf) | bin | 602228 -> 602228 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/findings/Kubernetes Final Report.pdf (renamed from wg-security-audit/findings/Kubernetes Final Report.pdf) | bin | 1036373 -> 1036373 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/findings/Kubernetes Threat Model.pdf (renamed from wg-security-audit/findings/Kubernetes Threat Model.pdf) | bin | 595162 -> 595162 bytes | |||
| -rw-r--r-- | sig-security/security-audit-2019/findings/Kubernetes White Paper.pdf (renamed from wg-security-audit/findings/Kubernetes White Paper.pdf) | bin | 233299 -> 233299 bytes | |||
| -rw-r--r-- | sigs.yaml | 33 |
28 files changed, 26 insertions, 39 deletions
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
index 9c69f20c..01eac561 100644
--- a/OWNERS_ALIASES
+++ b/OWNERS_ALIASES
@@ -136,11 +136,6 @@ aliases: - deads2k - stevekuznetsov - wojtek-t - wg-security-audit-leads: - - aasmall - - cji - - jaybeale - - joelsmith ug-big-data-leads: - erikerlandson - foxish
diff --git a/wg-security-audit/OWNERS b/archive/wg-security-audit/OWNERS
index bd60c850..bd60c850 100644
--- a/wg-security-audit/OWNERS
+++ b/archive/wg-security-audit/OWNERS
diff --git a/wg-security-audit/README.md b/archive/wg-security-audit/README.md
index fd6af780..fd6af780 100644
--- a/wg-security-audit/README.md
+++ b/archive/wg-security-audit/README.md
diff --git a/archive/wg-security-audit/letter-to-steering.md b/archive/wg-security-audit/letter-to-steering.md
new file mode 100644
index 00000000..cb9b123a
--- /dev/null
+++ b/archive/wg-security-audit/letter-to-steering.md
@@ -0,0 +1,26 @@
+Dear Steering Committee:
+
+
+We propose the creation of a new Kubernetes SIG: SIG Security.
+
+
+In managing the Third-Party Security Audits, the Working Group realized that its efforts didn’t end with the completion of each audit. The audit’s process and findings demonstrated the need to advocate for stronger security defaults, facilitate outreach for both developers and end-users, and drive structural security improvements.
+
+At KubeCon San Diego, we presented the results of the audit with a call to action for the broader community to take the findings and drive them into a better, more secure, Kubernetes. We were met with far more support than we could reasonably channel in our current form.
+
+We worked with members of SIG Auth, the Product Security Committee, the SIG Docs Security subproject, and the CIS Benchmark maintainers to identify underserved aspects of their domains. To express the scope and responsibilities of the new SIG, we all collaborated on a draft charter for your consideration.
+
+We hope that the entire group behind this draft charter can serve the Kubernetes project via this SIG.
+
+Thank you.
+
+Signed,
+
+
+Aaron, Craig, Jay, Joel, Tim, Ian, Micah, Seth, Peter, Rory, Liz
+
+
+
+You can find our proposed charter in this pull request:
+
+https://github.com/kubernetes/community/pull/4962/commits/535d9eab9c37826edd39d79f70e94f51330bb15c
diff --git a/sig-list.md b/sig-list.md
index 52969867..82a4b9e1 100644
--- a/sig-list.md
+++ b/sig-list.md
@@ -61,7 +61,6 @@ When the need arises, a [new SIG can be created](sig-wg-lifecycle.md) |[Naming](wg-naming/README.md)|* Architecture<br>* Contributor Experience<br>* Docs<br>|* [Celeste Horgan](https://github.com/celestehorgan), CNCF<br>* [Jaice Singer DuMars](https://github.com/jdumars), Apple<br>* [Stephen Augustus](https://github.com/justaugustus), VMware<br>* [Zach Corleissen](https://github.com/zacharysarah), Linux Foundation<br>|* [Slack](https://kubernetes.slack.com/messages/wg-naming)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-naming)|* Regular WG Meeting: [Mondays at 10:30 PT (Pacific Time) (monthly - second Monday of month)](https://zoom.us/j/91522666403?pwd=WnRSNlNhNXhDWkR2ZU9ydGpsNWxtZz09)<br> |[Policy](wg-policy/README.md)|* Architecture<br>* Auth<br>* Multicluster<br>* Network<br>* Node<br>* Scheduling<br>* Storage<br>|* [Erica von Buelow](https://github.com/ericavonb), Red Hat<br>* [Howard Huang](https://github.com/hannibalhuang), Huawei<br>|* [Slack](https://kubernetes.slack.com/messages/wg-policy)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-policy)|* Regular WG Meeting: [Wednesdays at 16:00 PT (Pacific Time) (weekly)](https://zoom.us/j/7375677271)<br> |[Reliability](wg-reliability/README.md)|* Architecture<br>* Cluster Lifecycle<br>* Release<br>* Scalability<br>* Testing<br>|* [David Eads](https://github.com/deads2k), Red Hat<br>* [Steve Kuznetsov](https://github.com/stevekuznetsov), Red Hat<br>* [Wojciech Tyczynski](https://github.com/wojtek-t), Google<br>|* [Slack](https://kubernetes.slack.com/messages/wg-reliability)<br>* [Mailing List](TODO)|* Regular WG Meeting: [TODOs at TODO TODO (biweekly)](TODO)<br> -|[Security Audit](wg-security-audit/README.md)|* Auth<br>|* [Aaron Small](https://github.com/aasmall), Invitae<br>* [Craig Ingram](https://github.com/cji), Stripe<br>* [Jay Beale](https://github.com/jaybeale), InGuardians<br>* [Joel Smith](https://github.com/joelsmith), Red 
Hat<br>|* [Slack](https://kubernetes.slack.com/messages/wg-security-audit)<br>* [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-security-audit)|* Regular WG Meeting: [Mondays at 12:00 PT (Pacific Time) (weekly)](https://docs.google.com/document/d/1RbC4SBZBlKth7IjYv_NaEpnmLGwMJ0ElpUOmsG-bdRA/edit)<br> ### Master User Group List
diff --git a/wg-security-audit/Atredis and Trail of Bits Proposal.pdf b/sig-security/security-audit-2019/Atredis and Trail of Bits Proposal.pdf
Binary files differ
index ca82ac39..ca82ac39 100644
--- a/wg-security-audit/Atredis and Trail of Bits Proposal.pdf
+++ b/sig-security/security-audit-2019/Atredis and Trail of Bits Proposal.pdf
diff --git a/wg-security-audit/RFP.md b/sig-security/security-audit-2019/RFP.md
index dd9fc94e..dd9fc94e 100644
--- a/wg-security-audit/RFP.md
+++ b/sig-security/security-audit-2019/RFP.md
diff --git a/wg-security-audit/RFP_Decision.md b/sig-security/security-audit-2019/RFP_Decision.md
index c00fdf5c..c00fdf5c 100644
--- a/wg-security-audit/RFP_Decision.md
+++ b/sig-security/security-audit-2019/RFP_Decision.md
diff --git a/wg-security-audit/ancillary-data/dataflow/original dataflow.dot b/sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.dot
index 02d2f830..02d2f830 100644
--- a/wg-security-audit/ancillary-data/dataflow/original dataflow.dot
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.dot
diff --git a/wg-security-audit/ancillary-data/dataflow/original dataflow.png b/sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.png
Binary files differ
index 62c6680e..62c6680e 100644
--- a/wg-security-audit/ancillary-data/dataflow/original dataflow.png
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/original dataflow.png
diff --git a/wg-security-audit/ancillary-data/dataflow/process.sh b/sig-security/security-audit-2019/ancillary-data/dataflow/process.sh
index 0a446eb3..0a446eb3 100644
--- a/wg-security-audit/ancillary-data/dataflow/process.sh
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/process.sh
diff --git a/wg-security-audit/ancillary-data/dataflow/requirements.txt b/sig-security/security-audit-2019/ancillary-data/dataflow/requirements.txt
index f65609d4..f65609d4 100644
--- a/wg-security-audit/ancillary-data/dataflow/requirements.txt
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/requirements.txt
diff --git a/wg-security-audit/ancillary-data/dataflow/tm.py b/sig-security/security-audit-2019/ancillary-data/dataflow/tm.py
index 245501ff..245501ff 100644
--- a/wg-security-audit/ancillary-data/dataflow/tm.py
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/tm.py
diff --git a/wg-security-audit/ancillary-data/dataflow/updated-dataflow.dot b/sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.dot
index 671e2dde..671e2dde 100644
--- a/wg-security-audit/ancillary-data/dataflow/updated-dataflow.dot
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.dot
diff --git a/wg-security-audit/ancillary-data/dataflow/updated-dataflow.png b/sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.png
Binary files differ
index c86cd09e..c86cd09e 100644
--- a/wg-security-audit/ancillary-data/dataflow/updated-dataflow.png
+++ b/sig-security/security-audit-2019/ancillary-data/dataflow/updated-dataflow.png
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/container-runtime.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/container-runtime.md
index 98130bf1..98130bf1 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/container-runtime.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/container-runtime.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/etcd.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/etcd.md
index bbba4fff..bbba4fff 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/etcd.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/etcd.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md
index b6bfbb64..b6bfbb64 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kcm-ccm-notes.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-apiserver.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-apiserver.md
index 0fb851d8..0fb851d8 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-apiserver.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-apiserver.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-proxy.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-proxy.md
index 521d0e83..521d0e83 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-proxy.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-proxy.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-scheduler.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-scheduler.md
index 5628f8d1..5628f8d1 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/kube-scheduler.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kube-scheduler.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/kubelet.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kubelet.md
index ec972ded..ec972ded 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/kubelet.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/kubelet.md
diff --git a/wg-security-audit/ancillary-data/rapid-risk-assessments/template.md b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/template.md
index b3808395..b3808395 100644
--- a/wg-security-audit/ancillary-data/rapid-risk-assessments/template.md
+++ b/sig-security/security-audit-2019/ancillary-data/rapid-risk-assessments/template.md
diff --git a/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf b/sig-security/security-audit-2019/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf
Binary files differ
index 65ab1e66..65ab1e66 100644
--- a/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf
+++ b/sig-security/security-audit-2019/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf
diff --git a/wg-security-audit/findings/Kubernetes Final Report.pdf b/sig-security/security-audit-2019/findings/Kubernetes Final Report.pdf
Binary files differ
index fea307e6..fea307e6 100644
--- a/wg-security-audit/findings/Kubernetes Final Report.pdf
+++ b/sig-security/security-audit-2019/findings/Kubernetes Final Report.pdf
diff --git a/wg-security-audit/findings/Kubernetes Threat Model.pdf b/sig-security/security-audit-2019/findings/Kubernetes Threat Model.pdf
Binary files differ
index 9f7be3ea..9f7be3ea 100644
--- a/wg-security-audit/findings/Kubernetes Threat Model.pdf
+++ b/sig-security/security-audit-2019/findings/Kubernetes Threat Model.pdf
diff --git a/wg-security-audit/findings/Kubernetes White Paper.pdf b/sig-security/security-audit-2019/findings/Kubernetes White Paper.pdf
Binary files differ
index 867bb48e..867bb48e 100644
--- a/wg-security-audit/findings/Kubernetes White Paper.pdf
+++ b/sig-security/security-audit-2019/findings/Kubernetes White Paper.pdf
@@ -2820,39 +2820,6 @@ workinggroups: contact: slack: wg-reliability mailing_list: TODO -- dir: wg-security-audit - name: Security Audit - mission_statement: > - Perform a security audit on k8s with a vendor and produce as artifacts a threat - model and whitepaper outlining everything found during the audit. - - stakeholder_sigs: - - Auth - label: security-audit - leadership: - chairs: - - github: aasmall - name: Aaron Small - company: Invitae - - github: cji - name: Craig Ingram - company: Stripe - - github: jaybeale - name: Jay Beale - company: InGuardians - - github: joelsmith - name: Joel Smith - company: Red Hat - meetings: - - description: Regular WG Meeting - day: Monday - time: "12:00" - tz: PT (Pacific Time) - frequency: weekly - url: https://docs.google.com/document/d/1RbC4SBZBlKth7IjYv_NaEpnmLGwMJ0ElpUOmsG-bdRA/edit - contact: - slack: wg-security-audit - mailing_list: https://groups.google.com/forum/#!forum/kubernetes-wg-security-audit usergroups: - dir: ug-big-data name: Big Data |
