
First cut at security audit guidelines #125

Merged
merged 28 commits into from
May 2, 2019
4a66450
draft guidelines
JustinCappos Jan 18, 2019
ee8befc
Update draftguidelines.md
JustinCappos Jan 18, 2019
f576e82
directory rename
ultrasaurus Apr 11, 2019
95c9efe
rename file (since mostly outline)
ultrasaurus Apr 11, 2019
050c64b
refactor content location, w/o text changes
ultrasaurus Apr 11, 2019
42fc444
add process to README
ultrasaurus Apr 11, 2019
5fb123a
security reviewer role
ultrasaurus Apr 11, 2019
3bfb1e9
added back time-and-effort, accidentally dropped in refactor
ultrasaurus Apr 12, 2019
14b5b12
added a description of project lead role
ultrasaurus Apr 12, 2019
eb76909
Merge pull request #1 from ultrasaurus/securityaudit-refactor
JustinCappos Apr 12, 2019
48c90f9
remove SAFE reference, in anticipation of name change
ultrasaurus Apr 12, 2019
b7fb720
changed order, added section headings, no text modifications
ultrasaurus Apr 12, 2019
8527f02
filled in text for new sections, slight adjustments elsewhere for add…
ultrasaurus Apr 12, 2019
78c23e6
draft guidelines
JustinCappos Jan 18, 2019
6d22b37
Update draftguidelines.md
JustinCappos Jan 18, 2019
d758788
directory rename
ultrasaurus Apr 11, 2019
40e40fa
rename file (since mostly outline)
ultrasaurus Apr 11, 2019
8b1ffb0
refactor content location, w/o text changes
ultrasaurus Apr 11, 2019
275a5f0
add process to README
ultrasaurus Apr 11, 2019
91d8e07
security reviewer role
ultrasaurus Apr 11, 2019
b4b29ed
added back time-and-effort, accidentally dropped in refactor
ultrasaurus Apr 12, 2019
8e066ef
added a description of project lead role
ultrasaurus Apr 12, 2019
3887158
simplified readme with high level goals and link to guide
ultrasaurus Apr 12, 2019
875eb40
fix formatting, add a bit more explanation
ultrasaurus Apr 12, 2019
3d8dbd6
Merge pull request #4 from ultrasaurus/general-readme
JustinCappos Apr 12, 2019
aad11c1
Merge pull request #2 from ultrasaurus/securityaudit-refactor
JustinCappos Apr 12, 2019
e490eaf
adjust README content for improved navigation
ultrasaurus Apr 12, 2019
52221a1
Merge pull request #5 from ultrasaurus/readme-tweak
JustinCappos Apr 12, 2019
refactor content location, w/o text changes
ultrasaurus committed Apr 11, 2019
commit 050c64bc988c0bea03880bfb89c1ed6b15cf68c7
17 changes: 17 additions & 0 deletions assessments/guide/README.md
@@ -0,0 +1,17 @@
The SAFE WG has been ask to provide the CNCF’s TOC with effective
information about the security of different projects. The purpose of this
document is to outline the procedure by which a project should be audited
(by a set of members of the SAFE WG henceforth called SAFE examiners),
including the expected effort from different participants. This procedure
can help the CNCF ensure that projects that are being considered for
inclusion in the CNCF have reasonable security fundamentals that are
expected to stop an attacker.


Due to the nature and timeframe for the analysis, *this review is not meant
to subsume the need for a professional security audit of the code*. Audits
of implementation vulnerabilities and similar issues at that level are not
intended to be covered by this audit. The purpose of this effort is to
uncover design flaws and to obtain a clear articulation of what the project's
design goals and security properties are intended to be.

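Review bot: the first line carries a typo, "has been ask" should be "has been asked"; since this hunk copies the paragraph verbatim from outline.md, fixing it while the text moves is cheap. Two smaller points: "SAFE examiners" and "SAFE WG" are defined here, yet the role files added in this same commit are named project-lead.md and security-reviewer.md, so the same role term should be used in both places; and the claim that audited projects have fundamentals "expected to stop an attacker" sits awkwardly beside the second paragraph, which says implementation vulnerabilities are explicitly out of scope, so a qualifier such as "at the design level" would keep the README from reading as a code-audit promise.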
47 changes: 1 addition & 46 deletions assessments/guide/outline.md
@@ -1,21 +1,4 @@
The SAFE WG has been ask to provide the CNCF’s TOC with effective
information about the security of different projects. The purpose of this
document is to outline the procedure by which a project should be audited
(by a set of members of the SAFE WG henceforth called SAFE examiners),
including the expected effort from different participants. This procedure
can help the CNCF ensure that projects that are being considered for
inclusion in the CNCF have reasonable security fundamentals that are
expected to stop an attacker.

Due to the nature and timeframe for the analysis, *this review is not meant
to subsume the need for a professional security audit of the code*. Audits
of implementation vulnerabilities and similar issues at that level are not
intended to be covered by this audit. The purpose of this effort is to
uncover design flaws and to obtain a clear articulation of what the project's
design goals and security properties are intended to be.


## Needed information for assessment
# Outline

First of all, the burden is primarily on the proposing project to
demonstrate it is secure in a manner that is understandable to the broader
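Review bot: the deleted heading "## Needed information for assessment" is not re-added in README.md, project-lead.md or security-reviewer.md in this commit, so the question list that follows "# Outline" loses its section heading; keep it as a subsection under the new title. Also, adding "# Outline" is a text change, which the commit message ("w/o text changes") says there are none of; a one-line mention in the message avoids confusion when the history is read later.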
Expand Down Expand Up @@ -81,31 +64,3 @@ community members to understand the answers to some questions, especially
involving deployment scenarios and the impact of attacks.


## Expected time / effort


The level of effort for the team providing the information is expected to
be around 80 hours of work. Note, that projects that have already
performed a security analysis internally are expected to have much lower
requirements.

The level of effort for the SAFE examiners is expected to be 10 hours.
Despite the fact that there may be some back and forth to get clarification
on a few points, it is expected analysis can usually be concluded in a few
weeks of effort. This will primarily involve carefully reading the written
document and analyzing the security assertions and assumptions. The SAFE WG
may decide on minimum security best practices for the software development
process that the project must also demonstrate it is following.

## SAFE examiner qualifications

Unless approved by the SAFE WG chairs, at least one of the examiners will
have previously performed a SAFE WG audit. (Exemptions are expected to be
granted bootstrap the process but only in extreme cases later on.) In
general, a SAFE examiner should have performed security audits for diverse
organizations. The ideal SAFE examiner should also have been the recipient
of security audits for a software project they manage. Note that it is
encouraged to have participation (shadowing) from participants that are not
yet qualified to help them gain the necessary skills to be a SAFE examiner
in the future.
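Review bot: the second paragraph of "Expected time / effort" (from "The level of effort for the SAFE examiners is expected to be 10 hours." through "the project must also demonstrate it is following.") is deleted here but does not reappear in project-lead.md or security-reviewer.md, so the examiners' effort estimate, the "few weeks" timeline and the note about minimum development best practices are dropped by this refactor; move that paragraph into security-reviewer.md next to the qualifications section. The first paragraph and the qualifications section are carried over intact.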

6 changes: 6 additions & 0 deletions assessments/guide/project-lead.md
@@ -0,0 +1,6 @@
## Expected time / effort

The level of effort for the team providing the information is expected to
be around 80 hours of work. Note, that projects that have already
performed a security analysis internally are expected to have much lower
requirements.
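Review bot: project-lead.md opens with a level-2 heading and no statement of whose effort this is; a reader opening the file cold cannot tell that "the team providing the information" means the proposing project's team. Add a title line naming the role and one sentence describing it (the later commit "added a description of project lead role" in this PR suggests that is planned). Minor: "Note, that projects" should read "Note that projects".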
12 changes: 12 additions & 0 deletions assessments/guide/security-reviewer.md
@@ -0,0 +1,12 @@
## SAFE examiner qualifications

Unless approved by the SAFE WG chairs, at least one of the examiners will
have previously performed a SAFE WG audit. (Exemptions are expected to be
granted bootstrap the process but only in extreme cases later on.) In
general, a SAFE examiner should have performed security audits for diverse
organizations. The ideal SAFE examiner should also have been the recipient
of security audits for a software project they manage. Note that it is
encouraged to have participation (shadowing) from participants that are not
yet qualified to help them gain the necessary skills to be a SAFE examiner
in the future.
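Review bot: "Exemptions are expected to be granted bootstrap the process" is missing "to" ("granted to bootstrap the process"). The file is named security-reviewer.md but every sentence uses "SAFE examiner"; the commit "remove SAFE reference, in anticipation of name change" later in this PR handles the WG name, but settling on one role term (examiner or reviewer) now avoids two names for the same role across the guide. As with project-lead.md, a title line would help, since this section is the whole file.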