Description: Maintain a list of incidents that were assessed but do not meet the definition of a software supply chain security compromise
Impact: It helps the industry and the community be precise in their definition of software supply chain security compromises by describing prime examples that are NOT a software supply chain security compromise, regardless of their impact and visibility
Scope: A new append-only Markdown file under supply-chain-security/compromises called not-a-compromise.md with a very simple structure: year, URL(s), and a description of why it doesn't meet the definition.
Intent to lead:
I volunteer to be a project lead on this proposal if the community is
interested in pursuing this work. This statement of intent does not preclude
others from co-leading or becoming lead in my stead.
Proposal to Project:
This proposal is being raised on GitHub Issues.
Added to the planned meeting template for mm dd
Raised in a Security TAG meeting to determine interest - mm dd
Collaborators comment on issue to determine interest and nominate project
lead
Scope determined via meeting mm dd and/or shared document add link
with call for participation in #tag-security slack channel thread add link
and mailing list email add link
Scope presented to Security TAG leadership and Sponsor is assigned
TO DO
Happy to take the discussion to the appropriate forum, but planning for that to be GitHub Issues for now. I intend to follow up with a PR bootstrapping this idea.
Security TAG Leadership Representative:
Project leader(s):
Issue is assigned to project leaders and Security TAG Leadership
Representative
Project Members:
Fill in additional TODO items here so the project team and community can
see progress!
Scope
Deliverable(s)
Project Schedule
Slack Channel (as needed)
Meeting Time & Day:
Meeting Notes (link)
Meeting Details (zoom or hangouts link)
Retrospective