Thanks to the efforts of folks in the Kubernetes project who care very much about information security, Kubernetes' SIG-Security has formed. To describe how this effort started, I'll quote the letter sent to the Steering Committee, signed by Security Audit Working Group leads Aaron Small, Craig Ingram, Jay Beale, and Joel Smith, as well as Tim Allclair, Ian Coldwater, Micah Hausler, Seth McCombs, Peter Benjamin, Rory McCune, and Liz Rice.
"In managing the Third-Party Security Audits, the [Security Audit] Working Group realized that its efforts didn’t end with the completion of each audit. The audit’s process and findings demonstrated the need to advocate for stronger security defaults, facilitate outreach for both developers and end-users, and drive structural security improvements.
At KubeCon San Diego, we presented the results of the audit with a call to action for the broader community to take the findings and drive them into a better, more secure, Kubernetes. We were met with far more support than we could reasonably channel in our current form."
Steering has granted us a new form: SIG-Security. Now it's on all of us to inspire others to join us, to do good work for the Kubernetes project and its users, and to invite more people to help.
We'll be having the last meeting of the Security Audit working group, which will also serve as the first meeting of the SIG, on Monday, August 31st, at 12pm. This will be a transition meeting, giving us a chance to share status and prepare for the SIG's announcement.
Here's the Zoom link to join:
Please see my next e-mail "SIG-Security Communications Resources" for the agenda, notes, Slack channel, and GitHub links.
P.S. There are others who contributed to both the letter and to getting to this stage. I'll call their names out here if they give their permission.