From YouTube: CNCF SIG Security 2020-07-01
A
A
A
A
B
B
B
B
B
B
B
B
C
C
C
C
C
C
C
C
D
A
D
D
E
E
E
D
A
A
So it's likely that we'll try and figure out a way that we can add this in the repo, and then basically the, the job, I'll just describe, it's gonna be come off like a action items note-taker and just like, you know, big agenda item. So I think the scribe role is gonna be simplified a lot more in the future, and also I think eating also created the PR to add the scribe role into, as one of the roles, and then she's done a good job in describing what it will be.
D
F
I'm here, but I don't know if there's anything to, to discuss. There was one person who commented on the ticket that they were able to participate in that group, and I think we're still waiting for one more person to make that three. I know of one person who I can drag into it if we, if nobody else signs up, so to get us to three, but I don't want to grow people and if I don't have to. If we can get one more person.
F
There's a GitHub ticket in SIG Security to find people to volunteer during SIG Security reviews to perform hands-on, like, penetration testing of applications, and so we're looking for people to volunteer for that group to it again. It's gonna be basically just no, no additional time or anything than the regular SIG Security reviews, but this is just volunteering for the hands-on part of it, and we need three people in that, in that group to start that, it still, yeah.
G
C
This is Ben here. We have a presentation next week. I'll take the whole time. There was something that I'd been working on in terms of a reference architecture for FC cops and CI/CD that I've been wanting to bring. Hopefully it's close to where I wanted, that it captures the entire ecosystem. It's a track that I'd like to go present. Is that a possibility? I can always wait for two weeks out. I.
A
H
H
So I think that, that we should make sure that the message that we're giving is clear, that we do want projects, when they enter in, in sandbox, to be, you know, to be ready or be prepared or be thinking about starting that process really as soon as they can. It's not something that they need to wait until they're, you incubate and review or graduation review to do so. I made that statement as a statement of fact, but I just would say that's my opinion, and I'm curious if any others agree or disagree. No.
I
Absolutely. I think that, just because projects are not, I mean that, because there's no necessary sort of dealings before sandbox, I think is, but I think it's very important that at sandbox projects do present to SIG Security and to introduce themselves when they've joined, if they haven't before, and, and the, the assess, and the assessment is valuable for them, and joining sandbox is a good point to start, you know, thinking about these things, if they haven't thought about them before, or have extra, extra help now they've joined the community, and I think is a.
E
What do you, what do you think about having not being a gate, but an invitation? Does that change in your mind? So, once a month the group was in the sandbox, they could get accepted in the sandbox, rather than, you know, in incubation and graduation we're proposing more of a gate to acceptance, but in sandbox, you know, what we can consider doing.
E
H
Yeah, I, I think that's effectively what we have now, because we're not a gating function into entrance into sandbox, yeah, anymore, and we weren't really a gating function before this in practice. So, you know, effectively, the reality is, is that the earth, at the earliest we can do something is encourage projects that are in sandbox to come to us ahead of time, rather than waiting until incubation, which is what I'm proposing.
H
H
Think some projects were getting the message that they, they didn't need to worry about an assessment because they've made it into sandbox, and begin that, I think, happened in part because some tickets were being closed for projects that had made it in, because originally the ticket was opened as, in order to get into sandbox, to this of it, like, you need to do this assessment, but it shouldn't be a, even though that's no longer a gating mechanism, closing that ticket is, I think, the wrong way to say it. It's, it's the way to say hey.
A
A
D
C
G
Here's why it's of interest to me: the mapping of the semantics that that protocol, air quotes "protocol", is using don't map very cleanly to the security world, and it has things like buckets and triggers, and, you know, that sort of thing from the IT world more abstractly. So, you know, I'm trying to figure out a way that we can do this as we, you know, consider what we would like to see for telemetry coming from open source projects.
G
D
G
You know, I can't really commit anyone else, your to it. I, it seems like a natural, you know, connection, but maybe the more sensible thing is to, you know, let the people that have more bandwidth to pursue this to, you know, get in the weeds with the Prometheus people and, you know, see where that fits in to the projects that come through here.
C
H
What we're waiting on is, we're always, as far as I'm aware, always blocked on projects. I don't think there's a, an assessment that's going on now where we just haven't been able to get the team together. But that being said, if anybody on this call thinks I'm wrong, or thinks, well, that's sort of true, but the team wasn't really together, and so we didn't get things together from our side, then please let me know and I will push and put that together, but I.
D
I
H
Think, at least from our perspective in the community we've been talking about here, is we, we believe that, you know, like, we're advising the TOC. So it's not our place to say to the TOC, like, you shouldn't put a project in this place because we haven't done our role, but the process is supposed to be that every project goes through our process that, that needs to be, as deemed by the TOC. So the TOC gets more complete information about what they, what they need to do, like, so they can make the most informed decision, effectively.
H
Will be sending out a, anyone who's interested in Cloud Custodian, participating in that assessment, please mention it. There are people who signed up, but this was a long time ago, and a lot of those people, like, for instance, Sarah Allen, have had things happen and their ability to participate has perhaps changed. It's almost like it's a fresh assessment.
H
We're being asked to do, and please comment on their, okay, yes, and we have already created things like the custodian black assessment room and other things like that, but we'll also have to shift that around and invite all the right people and things like that. So please do comment on the issue, which was posted, I think, in the, in the channel here, or will be in the notes.