[Project] Security Pals, Assemble!

[JustinCappos]

Description: I'd like to run a pilot at NYU where I have a class of 100-150 students help CNCF projects get a self assessment completed. The students will work in groups and use the new Security Pals process to work with the projects.

Impact: Any CNCF projects at the graduated and incubating levels that have not either completed a self assessment (or opted out) will have a first pass at a self assessment completed. If we have enough effort, we will also extend this to cover sandbox projects.

Benefit to Ecosystem: Projects will gain an understanding of how understandable their documentation is and how welcoming their project is to newcomers, in addition to the aforementioned self assessment.

Scope: This will take a lot of effort from myself and the students at NYU, who will do this as part of a series of assignments in a graduate level introductory security class. Students will understand threat modeling and similar processes, but should not be expected to understand cloud native technologies in depth.

Note to Maintainers: The time per project for the project maintainers should be a few developer days worth of time answering questions. To help your project be successful, please be patient and welcoming when interacting with students. If you have a problem, please reach out to me sooner, rather than later and we can try to correct.

Expected Timeline: The work will be done over a duration of roughly 4 weeks (roughly mid-November - mid-December, dates TBA). Some students may want to stay engaged with projects after this period.

Ask from CNCF TOC: I would appreciate the TOC and others announcing this effort at upcoming KubeCon events to raise project awareness. I would also appreciate some CNCF communications being sent out at the start / end of this to further provide updates.

Ask from CNCF PR team: Also, NYU and the CNCF can collectively do PR related to this initiative.

Intent to lead: Justin Cappos

• I volunteer to be a project lead on this proposal if the community is
  interested in pursing this work. This statement of intent does not preclude
  others from co-leading or becoming lead in my stead.

Proposal to Project:

• Added to the planned meeting template for August 1st, 2023
• Raised in a Security TAG meeting to determine interest - August 1st, 2023
• Collaborators comment on issue for determine interest and nominate project
  lead
• Scope determined via meeting mm dd and/or shared document add link
  with call for participation in #tag-security slack channel thread add link
  and mailing list email add link
• Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

• Security TAG Leadership Representative: @sublimino & @PushkarJ
• Project leader(s): @JustinCappos
• Issue is assigned to project leaders and Security TAG Leadership
  Representative
• Project Members:
• Fill in addition TODO items here so the project team and community can
  see progress!
• Scope
• Deliverable(s)
• Project Schedule
• Slack Channel (as needed)
• Meeting Time & Day:
• Meeting Notes (link)
• Meeting Details (zoom or hangouts link)
• Retrospective

[caniszczyk]

This is awesome, is there anything we can do for some of the students who participate in the program? Swag? Encourage them to apply for scholarships for kubecon etc?

[JustinCappos]

This is awesome, is there anything we can do for some of the students who participate in the program? Swag? Encourage them to apply for scholarships for kubecon etc?

Both / either would be appreciated! There will be ~120 or so students and the quality of their work will likely vary. Let me know if you want to have any selection process, etc. for some aspects of this.

I don't know how much you're thinking of doing here. I think it would be great to have t-shirts for all and maybe fast track students that participate after the end of the assignment for Kubecon scholarships... I'm open to whatever makes sense from your side.

[ragashreeshekar]

Great initiative @JustinCappos
I'm interested to collaborate in the capacity necessary for assessments, technical mentorship, program management etc.

[JustinCappos]

Great initiative @JustinCappos I'm interested to collaborate in the capacity necessary for assessments, technical mentorship, program management etc.

Okay, great. It will be great to have some folks from the CNCF side willing to guide parts of this. Even if it is only to help train the TAs, this will be a huge help!

[Rana-KV]

Hi all,
I'm the course assistant for @JustinCappos. I would be working on security self assessment of Karmada. As part of this process, I will initiate an issue for the self-assessment within the TAG-security repository and another one within the Karmada project repository to keep them in the loop.