The purpose of the Security WG is to have a center of gravity for discussions and thought leadership within the energy sector on software security, which will create the standard approach from software security as the industry evolves and the use of open source continues to grow. This will provide market education on pressing topics such as the software supply chain, which will ensure that solutions can be developed in a secure and safe manner. The group intends to work cross-functionally across LFE, but also bring in and leverage expertise from other groups such as CNCF.
- Bring member’s organization’s best practices internally on software security into a vendor-neutral public discussion.
- Capture the industry challenges in software security, especially those coming to light with the energy transition.
- Succinctly define software security as it applies to the industry.
- Coaching and guidance to hosted LFE projects on software security best practices and recommendations on resources for projects.
- Not leveraging existing software security standards or collaborating
with other software security efforts. (i.e. reinventing the wheel).
- Framework for security in open source projects in LFE (work to be done by postdoc).
- Training and education resources for use by projects and members.
- Resources for projects to pass the security requirements outlined in
the CII Best Practices badge.
- Collect resources on this Wiki page
- Definition & Challenges
- Best Practices
- Join the mailing list to become actively involved: https://lists.lfenergy.org/g/security
- 1) Describe the problem
- 2) Describe the LFE solution derived from similar efforts
- Implementation (select test project, develop training material)
- Security Data architecture support as a topic