Keeping in mind one of OLMv1's main guiding principles, "Security by default" (https://operator-framework.github.io/operator-controller/), the security posture of both the `catalogd` and `operator-controller` projects should be analyzed and a threat model for each of them should be prepared. Those models should then be kept up to date and be included in the PR checklist.

CNCF tag-security's Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security might be a good resource in helping to do that, as well as other resources or discussions (e.g. cncf/tag-security#903) from that group - https://github.com/cncf/tag-security