Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project risk assessment process/docs - NEW - OSPS-DO-17 #120

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Project risk assessment process/docs - NEW - OSPS-DO-17 #120

wants to merge 4 commits into from
+26 −0

Conversation

SecurityCRob
Copy link
Contributor

added proposal for OSPS-DO-18 for project's risk assessment process & docs

@SecurityCRob
Update baseline.yaml - NEW - OSPS-DO-17
c59bc17 
added proposal for OSPS-DO-18 for project's risk assessment process & docs

Signed-off-by: CRob <[email protected]>
evankanderson
evankanderson reviewed Dec 18, 2024
View reviewed changes
baseline.yaml Outdated Show resolved Hide resolved
@SecurityCRob SecurityCRob added documentation Improvements or additions to documentation enhancement New feature or request labels Dec 18, 2024
funnelfiasco
funnelfiasco requested changes Dec 19, 2024
View reviewed changes
baseline.yaml Outdated Show resolved Hide resolved
david-a-wheeler
david-a-wheeler reviewed Dec 20, 2024
View reviewed changes
baseline.yaml Outdated Show resolved Hide resolved
david-a-wheeler
david-a-wheeler reviewed Dec 20, 2024
View reviewed changes
baseline.yaml Outdated Show resolved Hide resolved
@david-a-wheeler
Copy link
Contributor

The term "threat" is really vague, it's not clear what level we're discussing. E.g., is this a list of threats?: "Unintentional vulnerability in our code", "Malicious vulnerability in our code", "Vulnerability in dependency", "Insecure design"? Can we suggest a specific list as a starting point?

Can we identify some OSS projects as examples who have done this? For all our criteria we should be pointing to projects that have done it.

SecurityCRob and others added 2 commits January 2, 2025 11:24
@SecurityCRob @david-a-wheeler
Update baseline.yaml
12de1c2 
Co-authored-by: David A. Wheeler <[email protected]>
Signed-off-by: CRob <[email protected]>
@SecurityCRob @david-a-wheeler
Update baseline.yaml
7943474 
Co-authored-by: David A. Wheeler <[email protected]>
Signed-off-by: CRob <[email protected]>
@SecurityCRob SecurityCRob mentioned this pull request Jan 6, 2025
Open
@funnelfiasco funnelfiasco changed the title Update baseline.yaml - NEW - OSPS-DO-17 Project risk assessment process/docs - NEW - OSPS-DO-17 Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheFoxAtWork TheFoxAtWork TheFoxAtWork left review comments

@evankanderson evankanderson evankanderson left review comments

@david-a-wheeler david-a-wheeler david-a-wheeler left review comments

@puerco puerco Awaiting requested review from puerco

@eddie-knight eddie-knight Awaiting requested review from eddie-knight

@funnelfiasco funnelfiasco Awaiting requested review from funnelfiasco

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SecurityCRob @david-a-wheeler @funnelfiasco @evankanderson @TheFoxAtWork