Commit 69028ba

Self Assessment: Comm Channels
1 parent bec884b commit 69028ba

1 file changed: +62 -7 lines changed

SELF_ASSESSMENT.md

Lines changed: 62 additions & 7 deletions
@@ -31,7 +31,7 @@
3131
## Metadata
3232

3333
| | |
34-
|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
34+
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
3535
| Assessment Stage | Incomplete |
3636
| Software | [OSCAL Compass](https://github.com/oscal-compass) |
3737
| Security Provider | No. OSCAL Compass is designed to enable compliance document authoring, validation, and transformation. It can integrate with security providers, but is not itself a security provider. |
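
Review bot: The separator-row rewrite at line 34 (dashes padded with spaces) is formatter output unrelated to the communication-channels content this commit is about; the same goes for the separator at line 44 and the removed/added pairs at lines 79 and 81, which render identically. Consider moving formatter-only changes to their own commit so the diff for the self-assessment shows only content changes.
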
@@ -41,7 +41,7 @@
4141
### Security links
4242

4343
| Document | URL |
44-
|---------------|------------------------------------------------------------------|
44+
| ------------- | ---------------------------------------------------------------- |
4545
| Security file | https://github.com/oscal-compass/community/blob/main/SECURITY.md |
4646

4747
## Overview
@@ -76,9 +76,9 @@ what prevents an attacker from moving laterally after a compromise.--->
7676

7777
<!---These are the steps that a project performs in order to provide some service
7878
or functionality. These steps are performed by different actors in the system.
79-
Note, that an action need not be overly descriptive at the function call level.
79+
Note, that an action need not be overly descriptive at the function call level.
8080
It is sufficient to focus on the security checks performed, use of sensitive
81-
data, and interactions between actors to perform an action.
81+
data, and interactions between actors to perform an action.
8282
8383
For example, the access server receives the client request, checks the format,
8484
validates that the request corresponds to a file the client is authorized to
@@ -233,7 +233,56 @@ Automated testing is integrated into most repositories via GitHub Actions. These
233233
* Outbound. How do you communicate with your users? (e.g. flibble-announce@
234234
mailing list)-->
235235

236+
<details open>
237+
<summary><b>Internal</b>: How to communicate with your team mates?</summary>
238+
<!--All you need is a blank line-->
239+
240+
| Communication Channel | Usage |
241+
| ------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
242+
| [Slack](https://cloud-native.slack.com/archives/C06F3PEPNBW) | Real-time chats and team collaboration. |
243+
| [Google Group](https://groups.google.com/g/oscal-compass) | Formal email communications. Address is [email protected]. |
244+
| [GitHub Issues](https://github.com/oscal-compass/community/issues) | Tracks development tasks, bugs, and feature requests. |
245+
| [GitHub Pull Requests](https://github.com/oscal-compass/community/pulls) | Used exclusively for code reviews and internal feedback on contributions. |
246+
| [Zoom Meetings - Global](https://zoom-lfx.platform.linuxfoundation.org/meeting/91709345128?password=5510325d-895f-4932-a843-df728dc3028d) | Every other Tuesday starting on April 23, 2024 · 11:00 – 12:00pm ET [(convert to your local time)](https://mytime.io/11am/ET). |
247+
| [Zoom Meetings - APAC Friendly](https://zoom-lfx.platform.linuxfoundation.org/meeting/97945872533?password=abad1bfe-cc9a-49d8-9aa6-99bb469a434d) | Every other following Thursday starting on November 30, 2024 - 05:00 GMT / 16:00 AEDT / 1030 IST [(convert to your local time)](https://mytime.io/5am/GMT). |
248+
| [Meeting Agenda & Notes](https://docs.google.com/document/d/1XTYM7xnWlIqd-8Nn5-qtgvgk8kH3NSmYle5yZvaS7qs/edit?usp=sharing) | Shared notes and agendas for meetings. |
249+
| [Shared Calendar](https://zoom-lfx.platform.linuxfoundation.org/meetings/trestlegrc?view=week) | Schedule of upcoming meetings and events. |
250+
| [YouTube Channel](https://www.youtube.com/@OSCAL-Compass) | Provides users access to video recordings, tutorials, and meeting recordings. |
251+
252+
</details>
253+
254+
<details open>
255+
<summary><b>Inbound</b>: How do users or prospective users communicate with the team?</summary>
256+
<!--All you need is a blank line-->
257+
258+
| Communication Channel | Usage |
259+
| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
260+
| [Slack](https://cloud-native.slack.com/archives/C06F3PEPNBW) | Public channel for quick user questions. |
261+
| [Google Group](https://groups.google.com/g/oscal-compass) | Forum for user discussions and support. Address is [email protected]. |
262+
| [GitHub Issues](https://github.com/oscal-compass/community/issues) | Enables users to report issues and request features. |
263+
| [YouTube Channel](https://www.youtube.com/@OSCAL-Compass) | Provides users access to video recordings, tutorials, and meeting recordings. |
264+
265+
</details>
266+
267+
<details open>
268+
<summary><b>Outbound</b>: How do contributors communicate with the users?</summary>
269+
<!--All you need is a blank line-->
270+
271+
| Communication Channel | Usage |
272+
| ------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
273+
| [Slack](https://cloud-native.slack.com/archives/C06F3PEPNBW) | Community announcements and engagement. |
274+
| [Google Group](https://groups.google.com/g/oscal-compass) | Broadcasts updates and announcements to the community. Address is [email protected]. |
275+
| [GitHub Issues](https://github.com/oscal-compass/community/issues) | Communicates progress and resolutions. |
276+
| [Zoom Meetings - Global](https://zoom-lfx.platform.linuxfoundation.org/meeting/91709345128?password=5510325d-895f-4932-a843-df728dc3028d) | Public meeting for updates and engagement held every other Tuesday starting on April 23, 2024 · 11:00 – 12:00pm ET [(convert to your local time)](https://mytime.io/11am/ET). |
277+
| [Zoom Meetings - APAC Friendly](https://zoom-lfx.platform.linuxfoundation.org/meeting/97945872533?password=abad1bfe-cc9a-49d8-9aa6-99bb469a434d) | Public meeting for updates and engagement held every other following Thursday starting on November 30, 2024 - 05:00 GMT / 16:00 AEDT / 1030 IST [(convert to your local time)](https://mytime.io/5am/GMT). |
278+
| [Meeting Agenda & Notes](https://docs.google.com/document/d/1XTYM7xnWlIqd-8Nn5-qtgvgk8kH3NSmYle5yZvaS7qs/edit?usp=sharing) | Transparent documentation for the community. |
279+
| [Shared Calendar](https://zoom-lfx.platform.linuxfoundation.org/meetings/trestlegrc?view=week) | Schedule of upcoming meetings and events. |
280+
| [YouTube Channel](https://www.youtube.com/@OSCAL-Compass) | Broadcasts presentations, webinars, and official announcements. |
281+
282+
</details>
283+
236284
### Ecosystem
285+
237286
<!---How does your software fit into the cloud native ecosystem? (e.g.
238287
Flibber is integrated with both Flocker and Noodles which covers
239288
virtualization for 80% of cloud users. So, our small number of "users" actually
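
Review bot: The Zoom rows added at new lines 246-247 and again at 276-277 embed the meeting `password=` query parameter in the URL, so the passcode is published in a world-readable file and stays in git history after any later edit. Link to the Shared Calendar entry already in the table instead, or to a passcode-free join page, and let the meeting platform hand out the passcode. Also in this hunk: the Meeting Agenda & Notes link points at the document's `/edit` view, so confirm the sharing setting is view or comment only for anonymous visitors; and "Thursday starting on November 30, 2024" does not match the calendar, since that date is a Saturday.
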
@@ -243,14 +292,19 @@ Flibber encryption by default.)-->
243292
## Security issue resolution
244293

245294
### Responsible Disclosures Process
295+
246296
<!--- A outline of the project's responsible
247297
disclosures process should suspected security issues, incidents, or
248298
vulnerabilities be discovered both external and internal to the project. The
249299
outline should discuss communication methods/strategies.-->
300+
250301
### Vulnerability Response Process
302+
251303
<!---Who is responsible for responding to a
252304
report. What is the reporting process? How would you respond?-->
305+
253306
### Incident Response
307+
254308
<!--A description of the defined procedures for triage,
255309
confirmation, notification of vulnerability or security incident, and
256310
patching/update availability.--->
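
Review bot: The blank lines added at 295, 300, 302, 305 and 307 leave Responsible Disclosures Process, Vulnerability Response Process and Incident Response holding only their template comments, while the Inbound table added earlier in this commit lists Slack ("Public channel for quick user questions"), the Google Group and GitHub Issues, none of them described as private. Either fill these sections with the private reporting path or state that reports go through the SECURITY.md linked under Security links, so a reader does not conclude that vulnerabilities should be filed as public issues.
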
@@ -260,11 +314,12 @@ patching/update availability.--->
260314
<!---* Known Issues Over Time. List or summarize statistics of past vulnerabilities
261315
with links. If none have been reported, provide data, if any, about your track
262316
record in catching issues in code review or automated testing.-->
317+
263318
### [Open SSF Best Practices](https://www.bestpractices.dev/en)
264319

265-
OSCAL Compass is making great progress towards earning OpenSSF Best Practices badges across all repositories!
266-
🚀 The team has focused on the most mature components, and we are excited to share that Trestle has already met the passing level criteria!
267-
✅ We're on track to achieve full compliance soon! 🎯
320+
OSCAL Compass is making great progress towards earning OpenSSF Best Practices badges across all repositories!
321+
🚀 The team has focused on the most mature components, and we are excited to share that Trestle has already met the passing level criteria!
322+
✅ We're on track to achieve full compliance soon! 🎯
268323

269324
<!---* Case Studies. Provide context for reviewers by detailing 2-3 scenarios of
270325
real-world use cases.
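
Review bot: Lines 320-322 are re-added with no visible change, so this is the moment to replace the status claims ("making great progress", "on track to achieve full compliance soon") with something a reviewer can verify: link the Trestle badge entry that backs "has already met the passing level criteria" and list which repositories have no badge yet. The section heading links only to the bestpractices.dev home page.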
