Projects which are very early on in their maturity may use a short process to
40
+
Projects which are very early on in their maturity may use a short process to
41
41
get some initial feedback by documenting their threat model and security design.
42
-
They use an abbreviated process which does not result in a joint assessment or a
42
+
They use an abbreviated process which does not result in a joint assessment or a
43
43
detailed review by TAG Security.
44
44
45
45
Note: Responsible roles for specific items are in **bold**
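Review bot: The removed and added lines at 40 and 42 read identically in this view, so the change appears to be whitespace only; say so in the commit message if it does not already. If the stripped whitespace was two trailing spaces, Markdown treated it as a hard line break, so confirm the rendered paragraph still breaks where you want it. Both lines end mid-sentence, so joining them looks like the right outcome.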
@@ -48,7 +48,7 @@ Note: Responsible roles for specific items are in **bold**
48
48
49
49
The self-assessment provides projects with the opportunity to examine the
50
50
existing security provisions of the project. It can serve as their initial
51
-
security documentation for users.
51
+
security documentation for users.
52
52
53
53
#### Create a [presentation issue](https://github.com/cncf/tag-security/issues/new?assignees=&labels=usecase-presentation&template=presentation.md&title=%5BPresentation%5D+Presentation+Title)
54
54
@@ -97,7 +97,7 @@ created to coordinate the activities.
97
97
#### Project creates a self-assessment
98
98
99
99
As is listed in the above section, the project should create a self-assessment.
100
-
This should be created as a google doc to make it easier for the TAG Security
100
+
This should be created as a google doc to make it easier for the TAG Security
101
101
members to edit and comment upon.
102
102
103
103
#### Project provides the self assessment and reviewers are assigned
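Review bot: Line 100 is rewritten but still says "google doc"; since the line is being touched anyway, capitalize it as "Google Doc". The two headings in this hunk also disagree on "self-assessment" (line 97) versus "self assessment" (line 103). Pick one spelling; the hyphenated form matches the body text at line 99.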
@@ -153,12 +153,12 @@ prior to the *3 week* time frame for a TSSA.
153
153
***Lead security reviewer or their designee** will perform an initial, clarifying
154
154
assessment to:
155
155
* Verify completeness
156
-
* Ask for clarifications
156
+
* Ask for clarification
157
157
* Ensure terms are defined
158
158
* Ensure concepts introduced are explained with context
159
159
* Provide quick feedback
160
160
161
-
**Imporantantly, comments on the document should be addressed in the document text, as
161
+
**Importantly, comments on the document should be addressed in the document text, as
162
162
the comments will be lost when the document is later converted to markdown.**
163
163
164
164
#### Security assessment
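Review bot: Context line 153 opens with three asterisks and closes with two (`***Lead security reviewer or their designee**`), so the emphasis markers are unbalanced, and a commit that fixes typos in this same paragraph should fix that as well. If a list bullet was intended, write it as `* **Lead security reviewer or their designee**`; otherwise drop the extra asterisk.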
@@ -194,10 +194,10 @@ questions and feedback to the reviewers and project.
194
194
195
195
The assessment team also should give a quick rundown of the assessment recommendations.
196
196
197
-
#### Final artefacts which are committed
197
+
#### Final artifacts which are committed
198
198
199
-
The self assessment and joint assessment are added to the repository under a
200
-
directory named for the project name. The issue may then be closed and the PR
199
+
The self assessment and joint assessment are added to the repository under a
200
+
directory named for the project name. The issue may then be closed and the PR
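Review bot: Line 199 is re-added with "self assessment" unhyphenated, while earlier sections of this file write "self-assessment"; hyphenate it here since the line is already changing. For the "artefacts" to "artifacts" change at line 197, check that the rest of the document uses the same spelling so the heading is not the odd one out.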