
Security and Compliance Updates #44

Open
siforster opened this issue Nov 11, 2022 · 0 comments

The Cloud Native Maturity Model requires further security and compliance updates.
Some points are as follows:

Security Scanning
Should this be emphasised throughout the software supply chain, such as at build time as well as at runtime?
What about fuzzing? Should this be a practice undertaken? The CNCF is fuzzing graduated projects.

Security Divisions within Organisations
What role do these play and for example how often should product or infrastructure teams engage with them?
What is the scope of their "powers"? Should they have the ability to direct that business critical systems be shut down or should their role be more advisory?

Access to CSP portals and tooling for developers
Should developers have direct access to cloud service provider portals and tooling or should this be arbitrated by internal tooling?
Should more senior developers have different access compared to junior developers?

Measuring Compliance
We can measure MTTR and other metrics relating to resilience but how do we measure GDPR? Is this something organisations should aspire to?
